Cross site scripting

2015-07-1615:59:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

Cross-site scripting (XSS) vulnerability in the save_order function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the items[] parameter in an fsb_save_order action to wp-admin/admin-ajax.php.

CPENameOperatorVersion
floating_social_barle1.1.5

CPE	Name	Operator	Version
	floating_social_bar	le	1.1.5

References

packetstormsecurity.com/files/132670/WordPress-Floating-Social-Bar-1.1.5-Cross-Site-Scripting.html

security.szurek.pl/floating-social-bar-115-xss.html

www.securityfocus.com/bid/75944

wordpress.org/plugins/floating-social-bar/changelog/

wpvulndb.com/vulnerabilities/8098