History: Jan 23, 2024 - 11:01 a.m.

CVE-2024-0703

2024-01-23 11:01:21
Wordfence
raw.githubusercontent.com
sticky buttons
wordpress
stored cross-site scripting
input sanitization
output escaping
multi-site installations
unfiltered_html disabled
cve-2024-0703

AI Score: 5.7 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 13.4%)

The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
