Lucene search
WpvulndbWPVDB-ID:9A5D2332-6E9D-4EC2-9E50-809FFC589C0EHistoryJan 22, 2024 - 12:00 a.m.
Sticky Buttons < 3.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting
2024-01-2200:00:00
wpscan.com
8
wordpress
plugin
sticky buttons
3.2.3
authenticated
stored xss
vulnerability
multi-site
unfiltered_html
injection
Description The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Related
cve
cve
CVE-2024-0703
2024-01-23 11:15:08
prion
prion
Cross site scripting
2024-01-23 11:15:00
cvelist
cvelist
CVE-2024-0703
2024-01-23 11:01:21
nvd
nvd
CVE-2024-0703
2024-01-23 11:15:08
wordfence
wordfence
AI Score
5.8
Confidence
High
EPSS
0
Percentile
14.0%
Related for WPVDB-ID:9A5D2332-6E9D-4EC2-9E50-809FFC589C0E