CVE-2024-9697

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 7, 2025
CWE ID 862

Summary

CVE-2024-9697 is a vulnerability affecting the Social Rocket – Social Sharing Plugin for WordPress. This issue allows authenticated attackers, with Subscriber-level access and above, to manipulate plugin settings bypassing the necessary capability checks on the tweet_settings_save() and tweet_settings_update() functions. Consequently, attackers can unauthorized modify data in all versions up to and including 1.3.4 of the plugin. This vulnerability poses a risk to the data integrity and security of WordPress websites using the Social Rocket plugin. It is recommended that users update the plugin to the latest version as soon as possible to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share