
22 matches found

RedhatCVE
added 2 days ago · 5 views

CVE-2026-4811

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9 CVSS · 5.7 AI score · 0.00013 EPSS
Exploits 0 · References 1
CVE
added 2026/05/21 2:27 a.m. · 9 views

CVE-2026-4811

CVE-2026-4811 affects the WordPress plugin WPB Floating Menu & Categories (Sticky Floating Side Menu & Categories with Icons). All versions up to 1.0.8 are vulnerable to Stored Cross-Site Scripting via the Icon CSS Class category field due to insufficient input sanitization and output escaping. E...

4.9 CVSS · 6 AI score · 0.00013 EPSS
Exploits 0 · References 2
Cvelist
added 2026/05/21 2:27 a.m. · 32 views

CVE-2026-4811 WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting via 'Icon CSS Class' Category Field

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9 CVSS · 0.00013 EPSS
Exploits 0 · References 2
Vulnrichment
added 2026/05/21 2:27 a.m. · 6 views

CVE-2026-4811 WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting via 'Icon CSS Class' Category Field

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9 CVSS · 6 AI score · 0.00013 EPSS
Exploits 0 · References 2
Positive Technologies
added 2026/05/21 12:0 a.m. · 5 views

PT-2026-42393

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9 CVSS · 6 AI score · 0.00013 EPSS
Exploits 0 · References 3
CNNVD
added 2026/05/21 12:0 a.m. · 4 views

WordPress plugin wpb-floating-menu-or-categories cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.9 CVSS · 5.8 AI score · 0.00013 EPSS
Exploits 0 · References 1
Patchstack
added 2026/05/20 2:9 p.m. · 6 views

WordPress WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons plugin <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by BaroHaf - fpt in WordPress Plugin WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons versions = 1.0.8...

4.9 CVSS · 5.8 AI score · 0.00013 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2025/01/24 12:0 a.m. · 1 views

WordPress plugin Bubble Menu – circle floating menu cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Bubble Menu - circle floating menu A...

5.4 CVSS · 8.5 AI score · 0.00145 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/01/24 12:0 a.m. · 3 views

PT-2025-5528 · Unknown · Bubble Menu

Name of the Vulnerable Software and Affected Versions: Bubble Menu – circle floating menu versions through 4.0.2. Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows Cross Site Request Forgery. Recommendations: For versions through 4.0.2, update to a version lat...

5.4 CVSS · 7.3 AI score · 0.00145 EPSS
Exploits 0 · References 3
OSV
added 2024/10/16 12:52 p.m. · 4 views

MAL-2024-9619 Malicious code in extension-floating-menu (npm)


7.1 AI score
Exploits 0
OSSF Malicious Packages
added 2024/10/16 12:52 p.m. · 4 views

Malicious code in extension-floating-menu (npm)


7 AI score
Exploits 0
Patchstack
added 2023/08/08 12:0 a.m. · 10 views

WordPress Bubble Menu – circle floating menu Plugin < 3.0.5 is vulnerable to Cross Site Scripting (XSS)

Software: Bubble Menu – circle floating menu · Type: Plugin · Vulnerable versions: 3.0.5 · Fixed in: 3.0.5 · OWASP Top 10: A7: Cross-Site Scripting XSS · Classification: Cross Site Scripting XSS · CVE: CVE-2023-3650 · Patch priority: Low · CVSS severity: Low 5.9 · Developer: Claim ownership · PSID: 29b436660257 · Credits: Dipak...

4.8 CVSS · 5.7 AI score · 0.01787 EPSS
Exploits 2 · References 3 · Affected Software 1
Patchstack
added 2023/05/26 12:0 a.m. · 10 views

WordPress Bubble Menu – circle floating menu Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)

Software: Bubble Menu – circle floating menu · Type: Plugin · Vulnerable versions: = 3.0.3 · Fixed in: 3.0.4 · OWASP Top 10: A7: Cross-Site Scripting XSS · Classification: Cross Site Scripting XSS · CVE: CVE-2023-2362 · Patch priority: High · CVSS severity: High 7.1 · Developer: Claim ownership · PSID: 5c8ff648baff · Credits: Erw...

6.1 CVSS · 5.9 AI score · 0.00148 EPSS
Exploits 2 · References 3 · Affected Software 1
OSV
added 2023/03/01 1:15 p.m. · 2 views

CVE-2023-23984

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Bubble Menu – circle floating menu plugin = 3.0.1 leading to form deletion...

5.4 CVSS · 6.1 AI score · 0.00141 EPSS
Exploits 0 · References 1
WPVulnDB
added 2023/01/20 12:0 a.m. · 15 views

Bubble Menu - Circle Floating Menu < 3.0.2 - Form Deletion via CSRF

The plugin does not have CSRF checks when deleting forms, which could allow attackers to make logged in users perform such actions via a CSRF attack...

5.4 CVSS · 5.5 AI score · 0.00141 EPSS
Exploits 0 · Affected Software 1
OSV
added 2020/09/14 4:15 p.m. · 3 views

CVE-2020-25378

WordPress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting XSS via the id GET parameter...

6.1 CVSS · 6.4 AI score · 0.00207 EPSS
Exploits 2 · References 1
NVD
added 2020/09/14 4:15 p.m. · 12 views

CVE-2020-25378

WordPress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting XSS via the id GET parameter...

6.1 CVSS · 0.00207 EPSS
Exploits 2 · References 1
Cvelist
added 2020/09/14 3:25 p.m. · 13 views

CVE-2020-25378

WordPress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting XSS via the id GET parameter...

6.1 AI score · 0.00207 EPSS
Exploits 2 · References 1
CVE
added 2020/09/14 3:25 p.m. · 45 views

CVE-2020-25378

Summary (grounded): CVE-2020-25378 affects WordPress plugins from AccessPress Themes: WP Floating Menu, version 1.3.0. The vulnerability is a Cross Site Scripting (XSS) weakness triggered by the id parameter in the GET request (reflected XSS). Some sources describe the issue as authenticated and ...

6.1 CVSS · 6 AI score · 0.00207 EPSS
Exploits 2 · References 1 · Affected Software 1
WPVulnDB
added 2020/08/31 12:0 a.m. · 19 views

WP Floating Menu < 1.4.1 - Authenticated Reflected Cross-Site Scripting

The id GET parameter used by WP Floating menu does not correctly sanitise user input before reflecting the parameter back to the user, resulting in a reflected XSS vulnerability. Other sanitisation has been added to prevent other XSS issues as well as potential SQL injections. PoC...

4.3 CVSS · 1.6 AI score · 0.00207 EPSS
Exploits 2 · References 2 · Affected Software 1