Lucene search
WPScanVULNRICHMENT:CVE-2024-7133HistorySep 13, 2024 - 6:00 a.m.
CVE-2024-7133 My Sticky Bar < 2.7.3 - Admin+ Stored XSS
2024-09-1306:00:03
WPScan
github.com
1
cve-2024-7133 sticky bar storedxss wordpressplugin 2.7.3 securityissue
AI Score
6.1
Confidence
High
EPSS
0
Percentile
9.6%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:premio:my_sticky_bar:*:*:*:*:*:wordpress:*:*"
],
"vendor": "premio",
"product": "my_sticky_bar",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.7.3",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
nvd
nvd
CVE-2024-7133
2024-09-13 06:15:15
cve
cve
CVE-2024-7133
2024-09-13 06:15:15
cvelist
cvelist
CVE-2024-7133 My Sticky Bar < 2.7.3 - Admin+ Stored XSS
2024-09-13 06:00:03
AI Score
6.1
Confidence
High
EPSS
0
Percentile
9.6%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-7133