Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Social Rocket – Social Sharing Plugin by Unknown

    CVE-2022-3136 (GCVE-0-2022-3136)

    Vulnerability from nvd – Published: 2022-10-10 00:00 – Updated: 2024-08-03 01:00
    VLAI
    Title
    Social Rocket < 1.3.3 - Admin+ Stored Cross-Site Scripting
    Summary
    The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-Site Scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Unknown Social Rocket – Social Sharing Plugin Affected: 1.3.3 , < 1.3.3 (custom)
    Create a notification for this product.
    Credits
    Asif Nawaz Minhas
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:10.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/913d7e78-23f6-4b0d-aca3-17051a2dc649"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Social Rocket \u2013 Social Sharing Plugin",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.3.3",
                  "status": "affected",
                  "version": "1.3.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Asif Nawaz Minhas"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-10T00:00:00.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "url": "https://wpscan.com/vulnerability/913d7e78-23f6-4b0d-aca3-17051a2dc649"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Social Rocket \u003c 1.3.3 - Admin+ Stored Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-3136",
        "datePublished": "2022-10-10T00:00:00.000Z",
        "dateReserved": "2022-09-06T00:00:00.000Z",
        "dateUpdated": "2024-08-03T01:00:10.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3136 (GCVE-0-2022-3136)

    Vulnerability from cvelistv5 – Published: 2022-10-10 00:00 – Updated: 2024-08-03 01:00
    VLAI
    Title
    Social Rocket < 1.3.3 - Admin+ Stored Cross-Site Scripting
    Summary
    The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-Site Scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Unknown Social Rocket – Social Sharing Plugin Affected: 1.3.3 , < 1.3.3 (custom)
    Create a notification for this product.
    Credits
    Asif Nawaz Minhas
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:10.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/913d7e78-23f6-4b0d-aca3-17051a2dc649"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Social Rocket \u2013 Social Sharing Plugin",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.3.3",
                  "status": "affected",
                  "version": "1.3.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Asif Nawaz Minhas"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-10T00:00:00.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "url": "https://wpscan.com/vulnerability/913d7e78-23f6-4b0d-aca3-17051a2dc649"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Social Rocket \u003c 1.3.3 - Admin+ Stored Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-3136",
        "datePublished": "2022-10-10T00:00:00.000Z",
        "dateReserved": "2022-09-06T00:00:00.000Z",
        "dateUpdated": "2024-08-03T01:00:10.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }