Medium severity5.3NVD Advisory· Published Jan 7, 2025· Updated Apr 8, 2026
CVE-2024-9697
CVE-2024-9697
Description
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.
Affected products
1- cpe:2.3:a:wpsocialrocket:social_rocket:*:*:*:*:*:wordpress:*:*Range: <=1.3.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.wordfence.com/threat-intel/vulnerabilities/id/168dd2d4-bffb-4187-afc7-02fef8cb51a7nvdThird Party Advisory
- plugins.trac.wordpress.org/browser/social-rocket/trunk/admin/includes/class-social-rocket-admin.phpnvdProduct
- plugins.trac.wordpress.org/browser/social-rocket/trunk/admin/includes/class-social-rocket-admin.phpnvdProduct
- plugins.trac.wordpress.org/browser/social-rocket/trunk/admin/includes/class-social-rocket-admin.phpnvdProduct
- plugins.trac.wordpress.org/changeset/3347243/nvd
News mentions
0No linked articles in our index yet.