CVE-2023-2362

🗓️ 12 Jun 2023 17:28:22Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 66 Views🌐 WEB

CVE-2023-2362 Float menu, Bubble Menu, Button Generator, and other WordPress plugins before specified versions are vulnerable to Reflected XSS

Reporter	Title	Published	Views	Family All 14
CNNVD	WordPress Plugin Float menu 跨站脚本漏洞	12 Jun 202300:00	–	cnnvd
Cvelist	CVE-2023-2362 Multiple Plugins from Wow-Company - Reflected XSS	12 Jun 202317:28	–	cvelist
EUVD	EUVD-2023-33852	3 Oct 202520:07	–	euvd
NVD	CVE-2023-2362	12 Jun 202318:15	–	nvd
OSV	CVE-2023-2362	12 Jun 202318:15	–	osv
Patchstack	WordPress Bubble Menu – circle floating menu Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)	26 May 202300:00	–	patchstack
Patchstack	WordPress WP Coder Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)	26 May 202300:00	–	patchstack
Prion	Cross site scripting	12 Jun 202318:15	–	prion
Positive Technologies	PT-2023-19080 · WordPress · Float Menu +11	12 Jun 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-2362	23 May 202501:48	–	redhatcve

NVD

Vulners

Node

wow-company bubble_menuRange<3.0.4freewordpress

wow-company button_generatorRange<2.3.5wordpress

wow-company calculator-builderRange<1.5.1wordpress

wow-company counter_boxRange<1.2.2wordpress

wow-company float_menuRange<5.0.2wordpress

wow-company floating_buttonRange<5.3.1wordpress

wow-company herd_effectsRange<5.2.2wordpress

wow-company popup_boxRange<2.2.2wordpress

wow-company side_menu_liteRange<4.0.2wordpress

wow-company sticky_buttonsRange<3.1.1wordpress

wow-company wow_skype_buttonsRange<4.0.2wordpress

wow-company wp_coderRange<2.5.6wordpress

[
  {
    "vendor": "Unknown",
    "product": "Float menu",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "5.0.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Bubble Menu",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.0.4"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Button Generator",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.3.5"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Calculator Builder",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.5.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Counter Box",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.2.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Floating Button",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "5.3.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Herd Effects",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "5.2.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Popup Box",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.2.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Side Menu Lite",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.0.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Sticky Buttons",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.1.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Wow Skype Buttons",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.0.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "WP Coder",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.5.6"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/27e70507-fd68-4915-88cf-0b96ed55208e

Parameter	Position	Path	Description	CWE
page	request body	wp-admin/admin.php?page=float-menu	Reflected XSS due to unescaped page parameter in an attribute; could be triggered when the form is submitted and the value is reflected.	CWE-79

05 May 2025 16:15Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.1

EPSS0.00148

SSVC