CVE-2024-4090 My Sticky Bar < 2.7.2 - Admin+ Stored XSS

2024-08-0106:00:05

WPScan

www.cve.org

cve-2024-4090

sticky bar

admin+

wordpress

cross-site scripting

EPSS

Percentile

9.4%

JSON

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.7.2"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/aedcb986-0f2b-4852-baf1-6cb61e83e109/

EPSS

Percentile

9.4%

JSON

Related for CVELIST:CVE-2024-4090