Lucene search

WPScanCVE-2024-7133

HistorySep 13, 2024 - 6:15 a.m.

CVE-2024-7133

2024-09-1306:15:15

WPScan

web.nvd.nist.gov

wordpress

plugin

2.7.3

security

advisory

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

9.6%

JSON

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks.

Affected configurations

Vulners

Vulnrichment

Node

galdubfloating_notification_bar\,_sticky_menu_on_scroll\,_announcement_banner\,_and_sticky_header_for_any_theme_–_my_sticky_bar_\(formerly_mystickymenu\)Range<2.7.3wordpress

VendorProductVersionCPE
galdubfloating_notification_bar\,_sticky_menu_on_scroll\,_announcement_banner\,_and_sticky_header_for_any_theme_–_my_sticky_bar_\(formerly_mystickymenu\)*cpe:2.3:a:galdub:floating_notification_bar\,_sticky_menu_on_scroll\,_announcement_banner\,_and_sticky_header_for_any_theme_–_my_sticky_bar_\(formerly_mystickymenu\):*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
galdub	floating_notification_bar\,_sticky_menu_on_scroll\,_announcement_banner\,_and_sticky_header_for_any_theme_–_my_sticky_bar_\(formerly_mystickymenu\)	*	cpe:2.3:a:galdub:floating_notification_bar\,_sticky_menu_on_scroll\,_announcement_banner\,_and_sticky_header_for_any_theme_–_my_sticky_bar_\(formerly_mystickymenu\)::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.7.3"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/c81c1622-33d1-41f2-ba63-f06bd4c125ab/