Vulnerabilities (CVE)

Filtered by vendor Wpsocialrocket Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-37258 1 Wpsocialrocket 1 Social Rocket 2024-07-25 N/A 6.1 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Social Rocket allows Reflected XSS.This issue affects Social Rocket: from n/a through 1.3.3.
CVE-2022-3136 1 Wpsocialrocket 1 Social Rocket 2024-02-04 N/A 4.8 MEDIUM
The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2020-5611 1 Wpsocialrocket 1 Social Sharing 2024-02-04 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors.