CVE-2023-2362

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.1%

top 64.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Bubble Menu Unknown Button Generator Unknown Calculator Builder +21 more

Timeline

PublishedJun 12

Description

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages24 packages

▶CVEListV5unknown/side_menu_lite< 4.0.2

▶CVEListV5unknown/sticky_buttons< 3.1.1

▶CVEListV5unknown/wow_skype_buttons< 4.0.2

▶NVDwow-company/side_menu_lite< 4.0.2

▶NVDwow-company/sticky_buttons< 3.1.1

🔴Vulnerability Details

CVEList

Multiple Plugins from Wow-Company - Reflected XSS↗2023-06-12

▶

GHSA

GHSA-vx6w-q89v-7755: The Float menu WordPress plugin before 5↗2023-06-12

▶