Medium severity6.5NVD Advisory· Published May 17, 2024· Updated Jun 17, 2026
CVE-2024-2697
CVE-2024-2697
Description
The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- WordPress/socialdriver-framework WordPress plugindescription
<2024.0.0+ 1 more
- (no CPE)range: <2024.0.0
- (no CPE)
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.