CVE-2023-2362

Exploit

EPSS 0.12%
Veröffentlicht 12.06.2023 18:15:09
Zuletzt bearbeitet 05.05.2025 16:15:35
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Mögliche Gegenmaßnahme

Bubble Menu – Floating Button Menu with Sticky Navigation: Update to version 3.0.4, or a newer patched version

Button Generator – Easily Create Custom Buttons with Icons and Analytics: Update to version 2.3.5, or a newer patched version

Calculator Builder – Create an Online Calculator: Update to version 1.5.1, or a newer patched version

Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress: Update to version 1.2.2, or a newer patched version

Float menu – awesome floating side menu: Update to version 5.0.2, or a newer patched version

Social Proof Popups & Real-Time Notifications – Herd Effects: Update to version 5.2.2, or a newer patched version

Wow Skype Buttons: Update to version 4.0.2, or a newer patched version

Popup Box – Easily Create WordPress Popups: Update to version 2.2.2, or a newer patched version

Floating button: Update to version 5.3.1, or a newer patched version

Side Menu Lite – Sticky Floating Side Menu: Update to version 4.0.2, or a newer patched version

Sticky Buttons – Floating Buttons Builder: Update to version 3.1.1, or a newer patched version

WP Coder – Insert & Manage Code Snippets: Update to version 2.5.6, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Bubble Menu – Floating Button Menu with Sticky Navigation

Version * - 3.0.3

SystemWordPress Plugin

≫

Produkt Button Generator – Easily Create Custom Buttons with Icons and Analytics

Version * - 2.3.4

SystemWordPress Plugin

≫

Produkt Calculator Builder – Create an Online Calculator

Version * - 1.5.0

SystemWordPress Plugin

≫

Produkt Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress

Version * - 1.2.1

SystemWordPress Plugin

≫

Produkt Float menu – awesome floating side menu

Version * - 5.0.1

SystemWordPress Plugin

≫

Produkt Social Proof Popups & Real-Time Notifications – Herd Effects

Version * - 5.2.1

SystemWordPress Plugin

≫

Produkt Wow Skype Buttons

Version * - 4.0.1

SystemWordPress Plugin

≫

Produkt Popup Box – Easily Create WordPress Popups

Version * - 2.2.1

SystemWordPress Plugin

≫

Produkt Floating button

Version * - 5.3.0

SystemWordPress Plugin

≫

Produkt Side Menu Lite – Sticky Floating Side Menu

Version * - 4.0.1

SystemWordPress Plugin

≫

Produkt Sticky Buttons – Floating Buttons Builder

Version * - 3.1.0

SystemWordPress Plugin

≫

Produkt WP Coder – Insert & Manage Code Snippets

Version * - 2.5.5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wow-company ≫ Bubble Menu SwEditionfree SwPlatformwordpress Version < 3.0.4

Wow-company ≫ Button Generator SwPlatformwordpress Version < 2.3.5

Wow-company ≫ Calculator-builder SwPlatformwordpress Version < 1.5.1

Wow-company ≫ Counter Box SwPlatformwordpress Version < 1.2.2

Wow-company ≫ Float Menu SwPlatformwordpress Version < 5.0.2

Wow-company ≫ Floating Button SwPlatformwordpress Version < 5.3.1

Wow-company ≫ Herd Effects SwPlatformwordpress Version < 5.2.2

Wow-company ≫ Popup Box SwPlatformwordpress Version < 2.2.2

Wow-company ≫ Side Menu Lite SwPlatformwordpress Version < 4.0.2

Wow-company ≫ Sticky Buttons SwPlatformwordpress Version < 3.1.1

Wow-company ≫ Wow Skype Buttons SwPlatformwordpress Version < 4.0.2

Wow-company ≫ Wp Coder SwPlatformwordpress Version < 2.5.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.312

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

https://wpscan.com/vulnerability/27e70507-fd68-4915-88cf-0b96ed55208e

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-2362

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2362

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2362

EUVD