Medium CVSS 4.8

Overview

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 4.8 (MEDIUM)
  • Detected tags: wordpress, xss (tag impact: MODERATE)

Recommended actions:

  • Apply context-aware output encoding.
  • Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags