3 matches found
CVE-2023-3225
CVE-2023-3225 refers to a vulnerability in the Float Menu WordPress plugin, where versions prior to 5.0.3 fail to sanitize and escape certain settings. This enables stored Reflected/Stored Cross-Site Scripting by high-privilege users (e.g., administrators), even when unfiltered_html is disallowed...
CVE-2023-3225 Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting
The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-3225 Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting
The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...