Upstream information

CVE-2024-2430 at MITRE

Description

The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

SUSE information

Overall state of this security issue: Does not affect SUSE products

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 16.0
  • python313-sqlparse >= 0.5.3-160000.2.2
Patchnames:
SUSE Linux Enterprise Server 16.0 GA python313-sqlparse-0.5.3-160000.2.2
openSUSE Tumbleweed
  • python310-sqlparse >= 0.5.0-1.1
  • python311-sqlparse >= 0.5.0-1.1
  • python312-sqlparse >= 0.5.0-1.1
Patchnames:
openSUSE-Tumbleweed-2024-13938


SUSE Timeline for this CVE

CVE page created: Thu May 9 00:42:47 2024
CVE page last modified: Sun Nov 2 13:49:51 2025