3 matches found
CVE-2022-2709
The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2709
CVE-2022-2709 affects the Float to Top Button WordPress plugin (versions ≤ 2.3.6). The vulnerability arises because the plugin does not escape certain settings, enabling stored XSS by high-privilege users (e.g., admins), including in multisite setups. Mitigation provided in the connected docs inc...
CVE-2022-2709 Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting
The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...