CVE-2023-3225

Published: Jul 10, 2023Modified: Nov 21, 2024

4.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: NVD

Description

The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Affected (1)

Products: Wow Company: Float Menu

Wow Company

1 product

Float Menu

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wow Company Float Menu	Before 5.0.3

References (2)

https://wpscan.com/vulnerability/3c76d0f4-2ea8-433d-afb2-e35e45630899

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/3c76d0f4-2ea8-433d-afb2-e35e45630899

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.