CVE-2024-3280 Follow Us Badges <= 3.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode

🗓️ 02 May 2024 07:34:30Reported by WordfenceType

The Follow Us Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsite_follow_us_badges shortcode

Reporter	Title	Published	Views	Family All 10
CVE	CVE-2024-3280	2 May 202407:34	–	cve
EUVD	EUVD-2024-31870	3 Oct 202520:07	–	euvd
NVD	CVE-2024-3280	2 May 202408:15	–	nvd
Patchstack	WordPress Follow Us Badges Plugin <= 3.1.10 is vulnerable to Cross Site Scripting (XSS)	2 May 202400:00	–	patchstack
Patchstack	WordPress Follow Us Badges plugin <= 3.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode vulnerability	2 May 202402:35	–	patchstack
Positive Technologies	PT-2024-24873 · WordPress · Follow Us Badges	2 May 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-3280	23 May 202509:23	–	redhatcve
Vulnrichment	CVE-2024-3280 Follow Us Badges <= 3.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode	2 May 202407:34	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)	9 May 202416:49	–	wordfence
WPVulnDB	Follow Us Badges < 3.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode	1 May 202400:00	–	wpvulndb

[
  {
    "vendor": "draftpress",
    "product": "Follow Us Badges",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "3.1.10",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3078718/wpsite-follow-us-badges
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/ef1ccef8-9066-4f5c-b5c5-9fa6e54f0e87

08 Apr 2026 17:31Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.16.4

EPSS0.00168

CWE-79