CVE-2024-2697 Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode

2024-05-1706:00:01

WPScan

www.cve.org

cve-2024-2697

swift framework

stored xss

shortcode

contributor role

cross-site scripting

wordpress plugin

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "socialdriver-framework",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2024.0.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]