Lucene search

[email protected]CVE-2023-2362

HistoryJun 12, 2023 - 6:15 p.m.

CVE-2023-2362

2023-06-1218:15:09

[email protected]

web.nvd.nist.gov

cve-2023-2362

wordpress

plugin

xss

security

vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

24.9%

JSON

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affected configurations

Vulners

NVD

Node

wow-estorefloat_menuRange<5.0.2

wow-companybubble_menuRange<3.0.4

wow-companybutton_generatorRange<2.3.5

wow-companycalculator-builderRange<1.5.1

wow-companycounter_boxRange<1.2.2

floating_action_button_projectfloating_action_buttonRange<5.3.1

wow-companyherd_effectsRange<5.2.2

ays-propopup_boxRange<2.2.2

simpel_sidenetbutikRange<4.0.2

wow-companysticky_buttonsRange<3.1.1

wow-companywow_skype_buttonsRange<4.0.2

wow-companywp_coderRange<2.5.6

VendorProductVersionCPE
wow\-estorefloat_menu*cpe:2.3:a:wow\-estore:float_menu:*:*:*:*:*:*:*:*
wow\-companybubble_menu*cpe:2.3:a:wow\-company:bubble_menu:*:*:*:*:*:*:*:*
wow\-companybutton_generator*cpe:2.3:a:wow\-company:button_generator:*:*:*:*:*:*:*:*
wow\-companycalculator\-builder*cpe:2.3:a:wow\-company:calculator\-builder:*:*:*:*:*:*:*:*
wow\-companycounter_box*cpe:2.3:a:wow\-company:counter_box:*:*:*:*:*:*:*:*
floating_action_button_projectfloating_action_button*cpe:2.3:a:floating_action_button_project:floating_action_button:*:*:*:*:*:*:*:*
wow\-companyherd_effects*cpe:2.3:a:wow\-company:herd_effects:*:*:*:*:*:*:*:*
ays\-propopup_box*cpe:2.3:a:ays\-pro:popup_box:*:*:*:*:*:*:*:*
simpel_sidenetbutik*cpe:2.3:a:simpel_side:netbutik:*:*:*:*:*:*:*:*
wow\-companysticky_buttons*cpe:2.3:a:wow\-company:sticky_buttons:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wow\-estore	float_menu	*	cpe:2.3:a:wow\-estore:float_menu::::::::
wow\-company	bubble_menu	*	cpe:2.3:a:wow\-company:bubble_menu::::::::
wow\-company	button_generator	*	cpe:2.3:a:wow\-company:button_generator::::::::
wow\-company	calculator\-builder	*	cpe:2.3:a:wow\-company:calculator\-builder::::::::
wow\-company	counter_box	*	cpe:2.3:a:wow\-company:counter_box::::::::
floating_action_button_project	floating_action_button	*	cpe:2.3:a:floating_action_button_project:floating_action_button::::::::
wow\-company	herd_effects	*	cpe:2.3:a:wow\-company:herd_effects::::::::
ays\-pro	popup_box	*	cpe:2.3:a:ays\-pro:popup_box::::::::
simpel_side	netbutik	*	cpe:2.3:a:simpel_side:netbutik::::::::
wow\-company	sticky_buttons	*	cpe:2.3:a:wow\-company:sticky_buttons::::::::

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Float menu",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "5.0.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Bubble Menu",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.0.4"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Button Generator",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.3.5"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Calculator Builder",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.5.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Counter Box",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.2.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Floating Button",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "5.3.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Herd Effects",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "5.2.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Popup Box",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.2.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Side Menu Lite",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.0.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Sticky Buttons",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.1.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Wow Skype Buttons",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.0.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "WP Coder",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.5.6"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]