The Float menu WordPress plugin prior to 5.0.2, Bubble Menu WordPress plugin prior to 3.0.4, Button Generator WordPress plugin prior to 2.3.5, Calculator Builder WordPress plugin prior to 1.5.1, Counter Box WordPress plugin prior to 1.2.2, Floating Button WordPress plugin prior to 5.3.1, Herd Effects WordPress plugin prior to 5.2.2, Popup Box WordPress plugin prior to 2.2.2, Side Menu Lite WordPress plugin prior to 4.0.2, Sticky Buttons WordPress plugin prior to 3.1.1, Wow Skype Buttons WordPress plugin prior to 4.0.2, WP Coder WordPress plugin prior to 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wow-company button generator |
||
wow-company bubble menu |
||
wow-company float menu |
||
wow-company wp coder |
||
wow-company wow skype buttons |
||
wow-company sticky buttons |
||
wow-company side menu lite |
||
wow-company herd effects |
||
wow-company floating button |
||
wow-company counter box |
||
wow-company calculator-builder |
||
wow-company popup box |