Vulnerabilities > Wpsocialrocket > Social Rocket > 1.3.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-07 | CVE-2024-9697 | Missing Authorization vulnerability in Wpsocialrocket Social Rocket The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. | 5.3 |
| 2025-01-07 | CVE-2024-9702 | Cross-site Scripting vulnerability in Wpsocialrocket Social Rocket The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialrocket-floating' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-07-22 | CVE-2024-37258 | Unspecified vulnerability in Wpsocialrocket Social Rocket Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Social Rocket allows Reflected XSS.This issue affects Social Rocket: from n/a through 1.3.3. | 6.1 |