CVE-2024-8239

Starbox < 3.5.3 - Contributor+ Stored XSS

The Starbox WordPress plugin before 3.5.3 does not properly render social media profile URLs in certain contexts, such as the malicious user's profile or pages where the starbox shortcode is used. Users with at least the contributor role may abuse this to conduct Stored XSS attacks.


We have discovered 4,168 live websites that are affected by CVE-2024-8239.

Affected Software

Product: Starbox
Category: WordPress Plugins
Vulnerable Versions:
  • from 0 before 3.5.3
Vulnerable Versions Count: 41 versions (100.00% of all versions)
Vulnerable Domains: 4,168 live websites (100.00% of Starbox install base)


Common Weakness Enumeration

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')



Details

  • Published - Sep 30, 2024
  • Updated - Oct 1, 2024

Credits

  • Dmitrii Ignatyev (finder)
  • WPScan (coordinator)

CVE-2024-8239 usage by Country

United States: 2,561 websites
Germany: 326 websites
France: 202 websites
Poland: 144 websites
Italy: 85 websites
GB: 81 websites
Spain: 78 websites
Cyprus: 55 websites
Vietnam: 51 websites
Bulgaria: 49 websites

CVE-2024-8239 usage by TLD

.com: 2,433 websites
.org: 218 websites
.de: 173 websites
.net: 148 websites
.pl: 133 websites
.co.uk: 116 websites
.fr: 84 websites
.it: 79 websites
.com.br: 53 websites
.es: 42 websites

Websites affected by CVE-2024-8239

Top websites that are affected by CVE-2024-8239.

FAQ

CVE-2024-8239 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Starbox.
A total of 4,168 websites have been identified as vulnerable to CVE-2024-8239, discovered through global website indexing conducted by WebTechSurvey.
Starbox is susceptible to the CVE-2024-8239 vulnerability.
Starbox versions before 3.5.3 are vulnerable to CVE-2024-8239.
Version 3.5.3 of Starbox addresses the CVE-2024-8239 security vulnerability.