Jul 12, 2024 - 6:00 a.m.

CVE-2024-2430 Website Content in Page or Post < 2024.04.09 - Contributor+ Stored Cross-Site Scripting

2024-07-12 06:00:04
WPScan
github.com
cve-2024-2430
wordpress plugin
stored cross-site scripting
contributor role

AI Score: 5.9
Confidence: High

EPSS: 0
Percentile: 14.5%

SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial

The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:matteoenna:website_content_in_page_or_post:*:*:*:*:*:*:*:*"
    ],
    "vendor": "matteoenna",
    "product": "website_content_in_page_or_post",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2024.04.09",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
