CVE-2024-2430 Common Vulnerabilities and Exposures

Upstream information

CVE-2024-2430 at MITRE

Description

The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

SUSE information

Overall state of this security issue: Does not affect SUSE products

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`python310-sqlparse >= 0.5.0-1.1` `python311-sqlparse >= 0.5.0-1.1` `python312-sqlparse >= 0.5.0-1.1`	Patchnames: openSUSE-Tumbleweed-2024-13938

SUSE Timeline for this CVE

CVE page created: Thu May 9 00:42:47 2024
CVE page last modified: Tue Sep 3 19:32:17 2024