Unknown Socialdriver-Framework vulnerabilities
4 known vulnerabilities affecting unknown/socialdriver-framework.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 4
Vulnerabilities
CVE-2024-2872 [MEDIUM] CVSS 4.8, CWE-79, fixed in 2024.04.30, 2024-08-01
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
Sources: cvelistv5, nvd
CVE-2024-2870 [MEDIUM] CVSS 6.1, CWE-79, fixed in 2024.04.30, 2024-07-13
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high privilege users such as admin.
Sources: cvelistv5, nvd
CVE-2024-2696 [MEDIUM] CVSS 4.8, CWE-79, fixed in 2024.04.30, 2024-07-12
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
Sources: cvelistv5, nvd
CVE-2024-2697 [MEDIUM] CVSS 6.5, CWE-79, fixed in 2024.0.0, 2024-05-17
The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Sources: cvelistv5, nvd