Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 12/06/2023 Updated: 07/11/2023

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 0

The Float menu WordPress plugin prior to 5.0.2, Bubble Menu WordPress plugin prior to 3.0.4, Button Generator WordPress plugin prior to 2.3.5, Calculator Builder WordPress plugin prior to 1.5.1, Counter Box WordPress plugin prior to 1.2.2, Floating Button WordPress plugin prior to 5.3.1, Herd Effects WordPress plugin prior to 5.2.2, Popup Box WordPress plugin prior to 2.2.2, Side Menu Lite WordPress plugin prior to 4.0.2, Sticky Buttons WordPress plugin prior to 3.1.1, Wow Skype Buttons WordPress plugin prior to 4.0.2, WP Coder WordPress plugin prior to 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Vulnerable Product	Search on Vulmon	Subscribe to Product
wow-company button generator
wow-company bubble menu
wow-company float menu
wow-company wp coder
wow-company wow skype buttons
wow-company sticky buttons
wow-company side menu lite
wow-company herd effects
wow-company floating button
wow-company counter box
wow-company calculator-builder
wow-company popup box

https://wpscan.com/vulnerability/27e70507-fd68-4915-88cf-0b96ed55208e https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-2362

Vulnerability Summary

References

Vulmon Search

About

Products

Connect