Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-2362

Good to know:

icon

Date: June 12, 2023

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Language: PHP

Severity Score

Related Resources (3)

https://nvd.nist.gov/vuln/detail/CVE-2023-2362
https://wpscan.com/vulnerability/27e70507-fd68-4915-88cf-0b96ed55208e
https://www.mend.io/vulnerability-database/CVE-2023-2362

Severity Score

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

icon

Upgrade Version

Upgrade to version float-menu - 5.0.2, bubble-menu - 3.0.4, button-generation - 2.3.5, calculator-builder - 1.5.1, counter-box - 1.2.2, floating-button - 5.3.1, mwp-herd-effect - 5.2.2, popup-box - 2.2.2, side-menu-lite - 4.0.2, sticky-buttons - 3.1.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us