Cross-Site Scripting vulnerability in Starbox WordPress plugin
CVE-2024-7955


Key Information:

Vendor: Wordpress
Status: Vendor
CVE Published: 10 September 2024

Badges

👾 Exploit Exists · 🟡 Public PoC

Summary

The vulnerability in the Starbox WordPress plugin arises from insufficient sanitization and escaping of specific plugin settings in versions prior to 3.5.2. Because the values are neither sanitized on save nor escaped on output, privileged users such as administrators can store markup that executes as Stored Cross-Site Scripting when the settings are rendered. This holds even in environments where the unfiltered_html capability is disabled, such as multisite configurations, where such users are not normally permitted to inject script; an attacker with such an account can thereby manipulate content and introduce malicious scripts, potentially leading to unauthorized actions or data loss. Website administrators are advised to update to version 3.5.2 or later to mitigate this risk.
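To make the flaw class in the summary concrete from the defender's side, the following PHP is an added example and not Starbox's code: it shows a hypothetical plugin option (`example_author_tagline`, `example_author_bio`, and the `example_*` functions are invented for illustration) first handled the unsafe way the summary describes, then with the standard WordPress remedy of a sanitize callback on save and escaping at output. The WordPress API calls used (`register_setting`, `sanitize_text_field`, `esc_html`, `wp_kses_post`, `get_option`, `update_option`) are real; the surrounding plugin structure is assumed.

```php
<?php
// Added example (not Starbox plugin code). Option names and function names are hypothetical.

// --- Vulnerable pattern: raw request value saved, raw option value echoed into the page. ---
function example_save_tagline_vulnerable() {
    // No sanitize step: whatever the admin submitted is stored verbatim.
    update_option( 'example_author_tagline', $_POST['example_author_tagline'] );
}
function example_render_tagline_vulnerable() {
    // No escaping: any stored <script> or on* attribute is rendered as live markup
    // for every visitor, regardless of who saved it or whether they hold unfiltered_html.
    echo '<p class="tagline">' . get_option( 'example_author_tagline' ) . '</p>';
}

// --- Hardened pattern: sanitize on save via register_setting(), escape on output. ---
function example_register_settings() {
    register_setting(
        'example_settings_group',
        'example_author_tagline',
        array(
            'type'              => 'string',
            // Plain-text field: strip all tags, NUL bytes and line breaks before storing.
            'sanitize_callback' => 'sanitize_text_field',
            'default'           => '',
        )
    );
    register_setting(
        'example_settings_group',
        'example_author_bio',
        array(
            'type'              => 'string',
            // Rich-text field: keep only post-safe HTML. wp_kses_post() drops <script>,
            // event-handler attributes and javascript: URLs for every saver, which
            // enforces the same bar multisite applies by withholding unfiltered_html.
            'sanitize_callback' => 'example_sanitize_bio',
            'default'           => '',
        )
    );
}
add_action( 'admin_init', 'example_register_settings' );

function example_sanitize_bio( $value ) {
    return wp_kses_post( (string) $value );
}

function example_render_tagline_hardened() {
    $tagline = get_option( 'example_author_tagline', '' );
    // Escape at render time as well: sanitizing on save alone is not enough, because
    // options can also be written through paths that bypass the settings form
    // (direct update_option() calls, imports, WP-CLI), and the stored value is untrusted.
    echo '<p class="tagline">' . esc_html( $tagline ) . '</p>';
}

function example_render_bio_hardened() {
    // Re-filter on output for the same reason; the allow-list is idempotent.
    echo '<div class="bio">' . wp_kses_post( get_option( 'example_author_bio', '' ) ) . '</div>';
}
```

The two-layer rule (sanitize on the way in, escape on the way out, choosing the escaping function for the context the value lands in) is what closes the gap the summary describes: output escaping means a value that was stored unsafely by any path, by any role, is still rendered as text rather than executed, so the unfiltered_html capability becomes irrelevant to whether plugin settings can carry script.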

Affected Version(s)

Starbox 0 < 3.5.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

References

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Krugov Artyom
WPScan