nvd-json-data-feeds/CVE-2024/CVE-2024-25xx/CVE-2024-2583.json

{
  "id": "CVE-2024-2583",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2024-04-13T05:15:48.923",
  "lastModified": "2024-08-01T13:49:48.777",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks."
    },
    {
      "lang": "es",
      "value": "El complemento WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress anterior a 7.0.5 no escapa adecuadamente de algunos de sus atributos de c\u00f3digos cortos antes de que se repitan a los usuarios, lo que hace posible que los usuarios con el rol de colaborador realicen ataques XSS almacenados."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ]
  },
  "references": [
    {
      "url": "https://wpscan.com/vulnerability/98d8c713-e8cd-4fad-a8fb-7a40db2742a2/",
      "source": "contact@wpscan.com"
    }
  ]
}