Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-2697
PUBLISHED
More InfoOfficial Page
Assigner-WPScan
Assigner Org ID-1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
View Known Exploited Vulnerability (KEV) details
Published At-17 May, 2024 | 06:00
Updated At-01 Aug, 2024 | 19:18
Rejected At-
▼CVE Numbering Authority (CNA)
Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode

The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Affected Products
Vendor
Unknown
Product
socialdriver-framework
Default Status
unaffected
Versions
Affected
  • From 0 before 2024.0.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Cross-Site Scripting (XSS)
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Cross-Site Scripting (XSS)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Bob Matyas
coordinator
WPScan
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://wpscan.com/vulnerability/c430b30d-61db-45f5-8499-91b491503b9c/
exploit
vdb-entry
technical-description
Hyperlink: https://wpscan.com/vulnerability/c430b30d-61db-45f5-8499-91b491503b9c/
Resource:
exploit
vdb-entry
technical-description
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
swift_framework
Product
socialdriver-framework
CPEs
  • cpe:2.3:a:swift_framework:socialdriver-framework:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 2024.0.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/socialdriver-framework/swift-framework-202400-authenticated-contributor-stored-cross-site-scripting-via-shortcode
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/socialdriver-framework/swift-framework-202400-authenticated-contributor-stored-cross-site-scripting-via-shortcode
Resource: N/A
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://wpscan.com/vulnerability/c430b30d-61db-45f5-8499-91b491503b9c/
exploit
vdb-entry
technical-description
x_transferred
Hyperlink: https://wpscan.com/vulnerability/c430b30d-61db-45f5-8499-91b491503b9c/
Resource:
exploit
vdb-entry
technical-description
x_transferred
Details not found