CVE-2026-4811

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

CVE-2026-4811

CVE-2026-4811 affects the WordPress plugin WPB Floating Menu & Categories (Sticky Floating Side Menu & Categories with Icons). All versions up to 1.0.8 are vulnerable to Stored Cross-Site Scripting via the Icon CSS Class category field due to insufficient input sanitization and output escaping. E...

CVE-2026-4811 WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting via 'Icon CSS Class' Category Field

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

CVE-2026-4811 WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting via 'Icon CSS Class' Category Field

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

WordPress plugin wpb-floating-menu-or-categories 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-42393

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

WordPress WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons plugin <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by BaroHaf - fpt in WordPress Plugin WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons versions = 1.0.8...

PT-2025-5528 · Unknown · Bubble Menu

Name of the Vulnerable Software and Affected Versions: Bubble Menu – circle floating menu versions through 4.0.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows Cross Site Request Forgery. Recommendations: For versions through 4.0.2, update to a version lat...

WordPress plugin Bubble Menu – circle floating menu 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Bubble Menu - circle floating menu A...

Malicious code in extension-floating-menu (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-9619 Malicious code in extension-floating-menu (npm)

--- -= Per source details. Do not edit below this line.=-...

WordPress Bubble Menu – circle floating menu Plugin < 3.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Bubble Menu – circle floating menu Type Plugin Vulnerable versions 3.0.5 Fixed in 3.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3650 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 29b436660257 Credits Dipak...

WordPress Bubble Menu – circle floating menu Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Bubble Menu – circle floating menu Type Plugin Vulnerable versions = 3.0.3 Fixed in 3.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2362 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 5c8ff648baff Credits Erw...

CVE-2023-23984

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Bubble Menu – circle floating menu plugin = 3.0.1 leading to form deletion...

Bubble Menu - Circle Floating Menu < 3.0.2 - Form Deletion via CSRF

The plugin does not have CSRF checks when deleting forms, which could allow attackers to make logged in users perform such actions via a CSRF attack...

CVE-2020-25378

Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting XSS via the id GET parameter...

CVE-2020-25378

Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting XSS via the id GET parameter...

CVE-2020-25378

Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting XSS via the id GET parameter...

CVE-2020-25378

Summary (grounded): CVE-2020-25378 affects WordPress plugins from AccessPress Themes: WP Floating Menu, version 1.3.0. The vulnerability is a Cross Site Scripting (XSS) weakness triggered by the id parameter in the GET request (reflected XSS). Some sources describe the issue as authenticated and ...

WP Floating Menu < 1.4.1 - Authenticated Reflected Cross-Site Scripting

The id GET parameter used by WP Floating menu does not correctly sanitise user input before reflecting the parameter back to the user, resulting in a reflected XSS vulnerability. Other sanitisation have been added to prevent other XSS issues as well as potential SQL injections. PoC...