Lucene search
WPScanVULNRICHMENT:CVE-2024-4090HistoryAug 01, 2024 - 6:00 a.m.
CVE-2024-4090 My Sticky Bar < 2.7.2 - Admin+ Stored XSS
2024-08-0106:00:05
WPScan
github.com
2
cve-2024-4090; sticky bar; cross-site scripting; wordpress plugin; high privilege users; unfiltered_html disallowed; announcement banner; security vulnerability
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CNA Affected
[
{
"vendor": "Unknown",
"product": "Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.7.2",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:premio:my_sticky_bar:*:*:*:*:*:wordpress:*:*"
],
"vendor": "premio",
"product": "my_sticky_bar",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.7.2",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
}
]Related
cvelist
cvelist
CVE-2024-4090 My Sticky Bar < 2.7.2 - Admin+ Stored XSS
2024-08-01 06:00:05
cve
cve
CVE-2024-4090
2024-08-01 06:15:02
nvd
nvd
CVE-2024-4090
2024-08-01 06:15:02
wordfence
wordfence
AI Score
6
Confidence
High
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-4090