Upstream information

CVE-2024-2430 at MITRE

Description

The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

SUSE information

Overall state of this security issue: Does not affect SUSE products

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • python310-sqlparse >= 0.5.0-1.1
  • python311-sqlparse >= 0.5.0-1.1
  • python312-sqlparse >= 0.5.0-1.1
Patchnames:
openSUSE-Tumbleweed-2024-13938


SUSE Timeline for this CVE

CVE page created: Thu May 9 00:42:47 2024
CVE page last modified: Tue Sep 3 19:32:17 2024