Products
Starbox WordPress plugin
- before 3.5.3
Source
contact@wpscan.com
Tags
CVE-2024-8239 details
Published : Sept. 30, 2024, 6:15 a.m.
Last Modified : Sept. 30, 2024, 12:45 p.m.
Last Modified : Sept. 30, 2024, 12:45 p.m.
Description
The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
URL | Source |
---|---|
https://wpscan.com/vulnerability/02796da0-218d-4cbb-98ca-49eeea83cac5/ | contact@wpscan.com |
This website uses the NVD API, but is not approved or certified by it.