Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.4 views

PT-2024-14090 · Premio · All-In-One Floating Contact Form – My Sticky Elements

Name of the Vulnerable Software and Affected Versions: All-in-one Floating Contact Form – My Sticky Elements versions 2.1.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This...

5.3CVSS9.3AI score0.00485EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/12/26 12:0 a.m.12 views

WordPress All-in-one Floating Contact Form – My Sticky Elements Plugin <= 2.1.3 is vulnerable to Broken Access Control

Software All-in-one Floating Contact Form – My Sticky Elements Type Plugin Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51362 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2c5f6cf38482...

6.6AI score0.00485EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/07/24 11:15 a.m.3 views

CVE-2023-3248

The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS7.3AI score0.00473EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/24 10:20 a.m.9 views

CVE-2023-3248 All-in-one Floating Contact Form < 2.1.2 - Admin+ Stored Cross-Site Scripting

The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.7AI score0.00473EPSS
Exploits1References1
Patchstack
Patchstack
added 2023/07/06 12:0 a.m.13 views

WordPress All-in-one Floating Contact Form – My Sticky Elements Plugin < 2.1.2 is vulnerable to Cross Site Scripting (XSS)

Software All-in-one Floating Contact Form – My Sticky Elements Type Plugin Vulnerable versions 2.1.2 Fixed in 2.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3248 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID...

4.8CVSS5.8AI score0.00473EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.9 views

WordPress Floating Contact Form & Social Chat for WordPress – SupportBubble plugin <= 1.3.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Floating Contact Form & Social Chat for WordPress – SupportBubble plugin versions = 1.3.3. Solution No patched version available...

2.5AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/07 3:47 p.m.28 views

CVE-2022-0148 All-in-one Floating Contact Form < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS)

The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page...

5.4AI score0.01572EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/02/07 12:0 a.m.6 views

Wordpress Plugin All-in-one Floating Contact Form 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. wordpress Plugin All-in-one Floating Contact Form...

5.4CVSS5.3AI score0.01572EPSS
Exploits2References3
Rows per page
Query Builder