Vulnerabilities and security researches forsocial-rocket social-rocket

Jun 06, 2024

CVE, Research URL: CVE-2022-3136
Home page URL: Security reports for Social Rocket – Social Sharing Plugin
Application: Social Rocket – Social Sharing Plugin
Date: Oct 11, 2022
Research Description: The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: max 1.3.3.
Status: vulnerable

CVE, Research URL: CVE-2020-5611
Home page URL: Security reports for Social Rocket – Social Sharing Plugin
Application: Social Rocket – Social Sharing Plugin
Date: Jul 27, 2020
Research Description: Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Affected versions: max 1.2.10.
Status: vulnerable

Jul 01, 2024

CVE, Research URL: CVE-2024-37258
Home page URL: Security reports for Social Rocket – Social Sharing Plugin
Application: Social Rocket – Social Sharing Plugin
Date: Jul 22, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Social Rocket allows Reflected XSS.This issue affects Social Rocket: from n/a through 1.3.3.
Affected versions: max 1.3.4.
Status: vulnerable

Jan 08, 2025

CVE, Research URL: CVE-2024-9702
Home page URL: Security reports for Social Rocket – Social Sharing Plugin
Application: Social Rocket – Social Sharing Plugin
Date: Jan 07, 2025
Research Description: The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialrocket-floating' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.3.4.1.
Status: vulnerable

CVE, Research URL: CVE-2024-9697
Home page URL: Security reports for Social Rocket – Social Sharing Plugin
Application: Social Rocket – Social Sharing Plugin
Date: Jan 07, 2025
Research Description: The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.
Affected versions: max 1.3.4.1.
Status: vulnerable

Apr 24, 2026

CVE, Research URL: CVE-2026-1923
Home page URL: Security reports for Social Rocket – Social Sharing Plugin
Application: Social Rocket – Social Sharing Plugin
Date: Apr 23, 2026
Research Description: The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.3.5.
Status: vulnerable