Back

CVE-2024-8239

Sept. 30, 2024, 12:45 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Starbox WordPress plugin

  • before 3.5.3

Source

contact@wpscan.com

Tags

contact@wpscan.com
2024-09-30
CVE-2024-8239

CVE-2024-8239 details

Published : Sept. 30, 2024, 6:15 a.m.
Last Modified : Sept. 30, 2024, 12:45 p.m.

Description

The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://wpscan.com/vulnerability/02796da0-218d-4cbb-98ca-49eeea83cac5/ contact@wpscan.com
This website uses the NVD API, but is not approved or certified by it.