cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-2872,https://securityvulnerability.io/vulnerability/CVE-2024-2872,Plugin vulnerability allows Stored Cross-Site Scripting attacks,"The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Socialdriver-framework,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-08-01T06:00:04.565Z,0
CVE-2024-2870,https://securityvulnerability.io/vulnerability/CVE-2024-2870,Reflected Cross-Site Scripting Vulnerability in SocialDriver-Framework WordPress Plugin,"The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,Socialdriver-framework,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:02.984Z,0
CVE-2024-2696,https://securityvulnerability.io/vulnerability/CVE-2024-2696,Unfiltered HTML Kretes Stored Cross-Site Scripting Attacks,"The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Socialdriver-framework,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-12T06:00:05.434Z,0
CVE-2024-2697,https://securityvulnerability.io/vulnerability/CVE-2024-2697,Cross-Site Scripting Vulnerability in SocialDriver WordPress Plugin,"The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.",Wordpress,Socialdriver-framework,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-05-17T06:00:01.759Z,0