CVE-2024-8239

Name of the Vulnerable Software and Affected Versions: Starbox WordPress plugin versions prior to 3.5.3

Description: The issue concerns the improper rendering of social media profiles URLs in certain contexts, such as a malicious user's profile or pages where the starbox shortcode is used. This can be exploited by users with at least the contributor role to conduct Stored XSS attacks.

Recommendations: For versions prior to 3.5.3, update to version 3.5.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the starbox shortcode to minimize the risk of exploitation. Additionally, limiting the contributor role's capabilities may also help mitigate the risk until a patch is applied.