3 matches found
CVE-2023-2362
CVE-2023-2362 is a reflected XSS affecting multiple WordPress plugins from Wow-Company (e.g., Float menu, Bubble Menu, Button Generator, Calculator Builder, Counter Box, Floating Button, Herd Effects, Popup Box, Side Menu Lite, Sticky Buttons, Wow Skype Buttons, WP Coder). Root cause: page parame...
CVE-2024-2405
The CVE-2024-2405 entry concerns the WordPress plugin Float Menu, with versions prior to 6.0.1 lacking a CSRF check in bulk actions. The risk described is that a logged-in attacker could trigger CSRF to cause an admin to delete menus. Public sources consistently label the issue as CSRF in bulk ac...
CVE-2023-3225
CVE-2023-3225 refers to a vulnerability in the Float Menu WordPress plugin, where versions prior to 5.0.3 fail to sanitize and escape certain settings. This enables stored Reflected/Stored Cross-Site Scripting by high-privilege users (e.g., administrators), even when unfiltered_html is disallowed...