Lucene search

CVE-2024-2697

🗓️ 17 May 2024 06:51:15Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 42 Views🌐 WEB

Socialdriver-framework WordPress plugin 2024.0.0 Stored XS

Reporter	Title	Published	Views	Family All 7
Cvelist	CVE-2024-2697 Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode	17 May 202406:00	–	cvelist
WPVulnDB	Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode	26 Apr 202400:00	–	wpvulndb
NVD	CVE-2024-2697	17 May 202406:15	–	nvd
Patchstack	WordPress Swift Framework Page Builder Plugin < 2024.0.0 is vulnerable to Cross Site Scripting (XSS)	17 May 202400:00	–	patchstack
wpexploit	Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode	26 Apr 202400:00	–	wpexploit
Vulnrichment	CVE-2024-2697 Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode	17 May 202406:00	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)	23 May 202415:00	–	wordfence

Vulners

Vulnrichment

Node

socialdriver\-frameworkRange<2024.0.0wordpress

[
  {
    "vendor": "Unknown",
    "product": "socialdriver-framework",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2024.0.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/c430b30d-61db-45f5-8499-91b491503b9c/
wordfence	www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/socialdriver-framework/swift-framework-202400-authenticated-contributor-stored-cross-site-scripting-via-shortcode

Parameter	Position	Path	Description	CWE
element_name	request body	/wp-content/plugins/socialdriver-framework/shortcodes/spb_boxed_content.php	Stored Cross-Site Scripting (XSS) vulnerability due to inadequate validation and escaping of shortcode attributes.	CWE-79
title	request body	/wp-content/plugins/socialdriver-framework/shortcodes/spb_boxed_content.php	Stored Cross-Site Scripting (XSS) vulnerability due to inadequate validation and escaping of shortcode attributes.	CWE-79
box_link	request body	/wp-content/plugins/socialdriver-framework/shortcodes/spb_boxed_content.php	Stored Cross-Site Scripting (XSS) vulnerability due to inadequate validation and escaping of shortcode attributes.	CWE-79
box_link_target	request body	/wp-content/plugins/socialdriver-framework/shortcodes/spb_boxed_content.php	Stored Cross-Site Scripting (XSS) vulnerability due to inadequate validation and escaping of shortcode attributes.	CWE-79
el_class	request body	/wp-content/plugins/socialdriver-framework/shortcodes/spb_boxed_content.php	Stored Cross-Site Scripting (XSS) vulnerability due to inadequate validation and escaping of shortcode attributes.	CWE-79
width	request body	/wp-content/plugins/socialdriver-framework/shortcodes/spb_boxed_content.php	Stored Cross-Site Scripting (XSS) vulnerability due to inadequate validation and escaping of shortcode attributes.	CWE-79
el_position	request body	/wp-content/plugins/socialdriver-framework/shortcodes/spb_boxed_content.php	Stored Cross-Site Scripting (XSS) vulnerability due to inadequate validation and escaping of shortcode attributes.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 May 2024 06:15Current

5.8Medium risk

Vulners AI Score5.8

CVSS36.5

EPSS0.00043

SSVC

CWE-79