Cross-site Scripting Vulnerability in Special Box for Content by Vasilis Triantafyllou
CVE-2024-31119

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Special Box For Content
Vendor: CVE Published:; 20 March 2026

What is CVE-2024-31119?

A vulnerability has been identified in the Special Box for Content plugin developed by Vasilis Triantafyllou, which allows for cross-site scripting (XSS) attacks due to improper neutralization of input during web page generation. This flaw impacts versions from n/a through 1, enabling attackers to manipulate DOM elements and execute malicious scripts in the context of users visiting affected pages. Website owners are advised to review their installations and implement necessary security measures to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Special Box for Content <= 1

References

https://patchstack.com/database/wordpress/plugin/special-...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 20, 2026
Vulnerability Reserved
Mar 28, 2024

Credit

Cronus | Patchstack Bug Bounty Program

JSON

WordPress