CVE-2024-2430 — Vulnetix

CVE-2024-2430 PUBLISHED CVSS 6.5 MEDIUM

The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

EPSS 0.14% · 34.2th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS Score

0.14%

34.2th percentile

Affected Products

Vendor	Product	Versions
matteoenna	website_content_in_page_or_post	0
matteoenna	website_content_in_page_or_post	0
Unknown	Website Content in Page or Post	0

Timeline

Jul 12, 2024 EPSS Score
Jul 12, 2024 CVE Published
Aug 1, 2024 CVE Updated
Aug 7, 2024 EPSS Score
Aug 29, 2024 EPSS Score
Sep 19, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Nov 2, 2024 EPSS Score
Nov 24, 2024 EPSS Score
Dec 16, 2024 EPSS Score
Jan 7, 2025 EPSS Score
Jan 29, 2025 EPSS Score

References

https://wpscan.com/vulnerability/990b7d7a-3d7a-46d5-9aeb-740de817e2d9/ exploit
https://nvd.nist.gov/vuln/detail/CVE-2024-2430 advisory
https://wpscan.com/vulnerability/990b7d7a-3d7a-46d5-9aeb-740de817e2d9 url

Open in Interactive Console →