31 matches found
Cross site scripting
The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-0703
CVE-2024-0703 affects the WordPress plugin Sticky Buttons – floating buttons builder (versions
WordPress Plugin Sticky Buttons Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-15764 · WordPress · The Sticky Buttons
Name of the Vulnerable Software and Affected Versions: The Sticky Buttons – floating buttons builder plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to Stored Cross-Site Scripting via sticky URLs due to insufficient input sanitization and output escapin...
WordPress Sticky Buttons Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)
Software Sticky Buttons Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0703 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ba3529117da4 Credits Dipak Panchal th3.d1p4k...
Sticky Buttons < 3.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2023-27418
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Side Menu Lite – add sticky fixed buttons plugin = 4.0 versions...
Cross site scripting
The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPre...
WordPress Plugin Float menu 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Float men...
PT-2023-19080 · WordPress · Float Menu +11
Name of the Vulnerable Software and Affected Versions: Float menu WordPress plugin versions prior to 5.0.2 Bubble Menu WordPress plugin versions prior to 3.0.4 Button Generator WordPress plugin versions prior to 2.3.5 Calculator Builder WordPress plugin versions prior to 1.5.1 Counter Box WordPre...
CVE-2021-24992
The CVE-2021-24992 issue affects the WordPress Buttonizer (Smart Floating / Sticky Buttons) plugin for WordPress, prior to version 2.5.5. The root cause is failure to sanitise and escape certain parameters before outputting them in HTML attributes and pages, enabling stored Cross-Site Scripting b...