CVE-2023-2362

Exploit

EPSS 0.12%
Published 12.06.2023 18:15:09
Last modified 05.05.2025 16:15:35
Source contact@wpscan.com
Teams watchlist Login
Open Login

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Wow-company ≫ Bubble Menu SwEditionfree SwPlatformwordpress Version < 3.0.4

Wow-company ≫ Button Generator SwPlatformwordpress Version < 2.3.5

Wow-company ≫ Calculator-builder SwPlatformwordpress Version < 1.5.1

Wow-company ≫ Counter Box SwPlatformwordpress Version < 1.2.2

Wow-company ≫ Float Menu SwPlatformwordpress Version < 5.0.2

Wow-company ≫ Floating Button SwPlatformwordpress Version < 5.3.1

Wow-company ≫ Herd Effects SwPlatformwordpress Version < 5.2.2

Wow-company ≫ Popup Box SwPlatformwordpress Version < 2.2.2

Wow-company ≫ Side Menu Lite SwPlatformwordpress Version < 4.0.2

Wow-company ≫ Sticky Buttons SwPlatformwordpress Version < 3.1.1

Wow-company ≫ Wow Skype Buttons SwPlatformwordpress Version < 4.0.2

Wow-company ≫ Wp Coder SwPlatformwordpress Version < 2.5.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.312

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

https://wpscan.com/vulnerability/27e70507-fd68-4915-88cf-0b96ed55208e

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-2362

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2362

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2362

EUVD