Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total5
Critical0
High0
Medium5
Reset
Showing 1-5 of 5 records
Threat Entry Updated 2025-07-16

CVE-2024-2872 - Before 2024 Plugin

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 2024

CVE-2024-2872

MEDIUM CVSS 4.8 2024-08-01
Open Full Technical Breakdown
Threat Entry Updated 2025-06-04

CVE-2024-2870 - Before 2024 Plugin

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Before 2024

CVE-2024-2870

MEDIUM CVSS 6.1 2024-07-13
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-2430 - Before 2024 Plugin

The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

PLUGIN Before 2024

CVE-2024-2430

MEDIUM CVSS 5.4 2024-07-12
Open Full Technical Breakdown
Threat Entry Updated 2025-06-04

CVE-2024-2696 - Before 2024 Plugin

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Before 2024

CVE-2024-2696

MEDIUM CVSS 4.8 2024-07-12
Open Full Technical Breakdown
Threat Entry Updated 2025-06-30

CVE-2024-2697 - Before 2024 Plugin

The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

PLUGIN Before 2024

CVE-2024-2697

MEDIUM CVSS 6.5 2024-05-17
Open Full Technical Breakdown
Scroll to top