Lucene search
Dipak Panchal (th3.d1pak)WPVDB-ID:3C76D0F4-2EA8-433D-AFB2-E35E45630899HistoryJun 19, 2023 - 12:00 a.m.
Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting
2023-06-1900:00:00
Dipak Panchal (th3.d1pak)
wpscan.com
9
float menu
plugin
vulnerability
version 5.0.3
admin
stored cross-site scripting
settings
high privilege users
unfiltered_html capability
multisite setup
0.001 Low
EPSS
Percentile
19.5%
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PoC
1. Add a new item in the plugin settings 2. Enter the payload javascript:alert(/XSS/); in the “Link” field 3. Go to the homepage, and click on the generated link to trigger the XSS
| CPE | Name | Operator | Version |
|---|---|---|---|
| float-menu | lt | 5.0.3 |
Related
cve
cve
CVE-2023-3225
2023-07-10 16:15:55
nvd
nvd
CVE-2023-3225
2023-07-10 16:15:55
cvelist
cvelist
CVE-2023-3225 Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting
2023-07-10 12:41:13
prion
prion
Cross site scripting
2023-07-10 16:15:00
wpexploit
wpexploit
Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting
2023-06-19 00:00:00
wordfence
wordfence