Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:15 a.m.10 views

CVE-2023-3650

The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

4.8CVSS5.8AI score0.00636EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/08/08 12:0 a.m.13 views

WordPress Bubble Menu – circle floating menu Plugin < 3.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Bubble Menu – circle floating menu Type Plugin Vulnerable versions 3.0.5 Fixed in 3.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3650 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 29b436660257 Credits Dipak...

4.8CVSS5.7AI score0.00636EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2023/08/07 3:15 p.m.25 views

CVE-2023-3650

The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

4.8CVSS4.8AI score0.00636EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/08/07 2:31 p.m.32 views

CVE-2023-3650 Bubble Menu < 3.0.5 - Admin+ Stored XSS

The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

5AI score0.00636EPSS
Exploits2References1
CVE
CVE
added 2023/08/07 2:31 p.m.53 views

CVE-2023-3650

CVE-2023-3650 affects the WordPress Bubble Menu plugin (versions before 3.0.5). The issue is that the plugin does not sanitize and escape certain settings, enabling stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (notably in multisite set...

4.8CVSS4.7AI score0.00636EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder