Ctrl + K
/ news / CVE
CVEPublished 2024-05-30Modified 2026-04-080 articles on news6 live referencesNVD data

CVE-2024-2657

Vulnerability data via NVD (ingested)

CVSS v3.1
4.4
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
EPSS percentile
52
Exploit Prediction Scoring System · top 48% of all CVEs
Weaknesses (CWE)
CWE-87Improper Neutralization of Alternate XSS Syntax
Description

The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Timeline
Published 2024-05-30
Modified 2026-04-08

External references

NVDMITREExploit-DBGitHub PoCSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2024-2657
Hosts Shodan has explicitly fingerprinted as vulnerable.
More intel sources (5)
Shodan report
vuln:CVE-2024-2657
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2024-2657
Censys host search filtered to this CVE id.
grep.app
CVE-2024-2657
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2024-2657
GitHub code search for direct mentions.
Google dork
"CVE-2024-2657" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2024-26578 repos
asset-group/Sni5Gect-5GNR-sniffing-and-exploitationC++
A 5G Sniffer and Downlink Injector Framework on steroids... And yes, Wireshark supported!!!
★ 300·updated 1w ago
maxgfr/awesome-starsunknown
List of repositories that I liked on Github
★ 22·updated today
mooyoul/awesome-starsunknown
A curated list of my GitHub stars
★ 21·updated today
hiifong/starListPython
Export your star's repository list
★ 18·updated today
svg153/awesome-starsJavaScript
★ 12·updated today
Nsbx/awesome-starsunknown
My Awesome List generated by : https://github.com/abhijithvijayan/stargazed
★ 10·updated today
sunlei/awesome-starsPython
My GitHub stars.
★ 8·updated 1mo ago
JubinBlack/Disobey25unknown
Disobey 2025 hacker puzzle
★ 2·updated 1y ago
We haven't classified any articles referencing CVE-2024-2657 yet. The external references above still apply.