Cross-Site Scripting vulnerability in Starbox WordPress plugin
CVE-2024-7955
What is CVE-2024-7955?
The vulnerability in the Starbox WordPress plugin arises from insufficient sanitization and escaping of specific settings in versions prior to 3.5.2. This deficiency enables privileged users, including administrators, to execute Stored Cross-Site Scripting attacks. Even in environments where the unfiltered_html capability is disabled, such as in multisite configurations, attackers can manipulate content and introduce malicious scripts, potentially leading to unauthorized actions or data loss. Website administrators are advised to update to the latest plugin version to mitigate this risk effectively.

Affected Version(s)
Starbox 0 < 3.5.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved