The Starbox WordPress plugin before 3.5.3 does not properly render social media profile URLs in certain contexts, such as the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks.
We have discovered 4,168 live websites that are affected by CVE-2024-8239.
Product | Starbox |
Category | WordPress Plugins |
Vulnerable Versions | |
Vulnerable Versions Count | 41 versions (100.00% of all versions) |
Vulnerable Domains | 4,168 live websites (100.00% of Starbox install base) |

Country | Websites |
---|---|
United States | 2,561 websites |
Germany | 326 websites |
France | 202 websites |
Poland | 144 websites |
Italy | 85 websites |
GB | 81 websites |
Spain | 78 websites |
Cyprus | 55 websites |
Vietnam | 51 websites |
Bulgaria | 49 websites |

TLD | Websites |
---|---|
.com | 2,433 websites |
.org | 218 websites |
.de | 173 websites |
.net | 148 websites |
.pl | 133 websites |
.co.uk | 116 websites |
.fr | 84 websites |
.it | 79 websites |
.com.br | 53 websites |
.es | 42 websites |