WordPress Follow Us Badges plugin <= 3.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode vulnerability

🗓️ 02 May 2024 02:35:47Reported by Lucio SáType

An authenticated user can trigger stored cross-site scripting via the wpsite_follow_us_badges shortcode in WordPress Follow Us Badges plugin up to 3.1.10.

Reporter	Title	Published	Views	Family All 10
CVE	CVE-2024-3280	2 May 202407:34	–	cve
Cvelist	CVE-2024-3280 Follow Us Badges <= 3.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode	2 May 202407:34	–	cvelist
EUVD	EUVD-2024-31870	3 Oct 202520:07	–	euvd
NVD	CVE-2024-3280	2 May 202408:15	–	nvd
Patchstack	WordPress Follow Us Badges Plugin <= 3.1.10 is vulnerable to Cross Site Scripting (XSS)	2 May 202400:00	–	patchstack
Positive Technologies	PT-2024-24873 · WordPress · Follow Us Badges	2 May 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-3280	23 May 202509:23	–	redhatcve
Vulnrichment	CVE-2024-3280 Follow Us Badges <= 3.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode	2 May 202407:34	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)	9 May 202416:49	–	wordfence
WPVulnDB	Follow Us Badges < 3.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode	1 May 202400:00	–	wpvulndb

Vulners

Node

wordpress follow_us_badgesRange≤3.1.10

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpsite-follow-us-badges/follow-us-badges-3110-authenticated-contributor-stored-cross-site-scripting-via-wpsite-follow-us-badges-shortcode

02 May 2024 02:35Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.16.4

EPSS0.00168

SSVC