CVE-2024-2872
- EPSS 0.16%
- Veröffentlicht 01.08.2024 06:15:02
- Zuletzt bearbeitet 16.07.2025 15:49:38
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html c...
CVE-2024-2870
- EPSS 0.28%
- Veröffentlicht 13.07.2024 06:15:02
- Zuletzt bearbeitet 04.06.2025 16:16:48
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-2696
- EPSS 0.11%
- Veröffentlicht 12.07.2024 06:15:03
- Zuletzt bearbeitet 04.06.2025 16:16:24
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabil...
CVE-2024-2697
- EPSS 0.43%
- Veröffentlicht 17.05.2024 06:15:51
- Zuletzt bearbeitet 30.06.2025 17:58:22
The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site ...