CVE-2023-2362: Multiple Plugins from Wow-Company - Reflected XSS
First published: Mon Jun 12 2023(Updated: )
The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wow-company Bubble Menu | <3.0.4 | |
| Wow-company Button Generator | <2.3.5 | |
| Wow-company Calculator-builder | <1.5.1 | |
| Wow-company Counter Box | <1.2.2 | |
| Wow-company Float Menu | <5.0.2 | |
| Wow-company Floating Button | <5.3.1 | |
| Wow-company Herd Effects | <5.2.2 | |
| Wow-company Popup Box | <2.2.2 | |
| Wow-company Side Menu Lite | <4.0.2 | |
| Wow-company Sticky Buttons | <3.1.1 | |
| Wow-company Wow Skype Buttons | <4.0.2 | |
| Wow-company Wp Coder | <2.5.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-2362?
CVE-2023-2362 is a vulnerability in the Float Menu WordPress plugin before version 5.0.2, Bubble Menu WordPress plugin before version 3.0.4, Button Generator WordPress plugin before version 2.3.5, Calculator Builder WordPress plugin before version 1.5.1, Counter Box WordPress plugin before version 1.2.2, Floating Button WordPress plugin before version 5.3.1, Herd Effects WordPress plugin before version 5.2.2, Popup Box WordPress plugin before version 2.2.2, Side Menu Lite WordPress plugin before version 4.0.2, Sticky Buttons WordPress plugin before version 3.1.1, Wow Skype Buttons WordPress plugin before version 4.0.2, and Wp Coder WordPress plugin before version 2.5.6.
How severe is CVE-2023-2362?
CVE-2023-2362 has a severity level of 6.1, which is considered medium.
Which plugins are affected by CVE-2023-2362?
The Float Menu, Bubble Menu, Button Generator, Calculator Builder, Counter Box, Floating Button, Herd Effects, Popup Box, Side Menu Lite, Sticky Buttons, Wow Skype Buttons, and Wp Coder WordPress plugins are affected by CVE-2023-2362.
How can I fix CVE-2023-2362?
To fix CVE-2023-2362, it is recommended to update the affected WordPress plugins to the latest versions.
What is the Common Weakness Enumeration (CWE) for CVE-2023-2362?
The Common Weakness Enumeration (CWE) for CVE-2023-2362 is CWE-79, which refers to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/event
- agent/tags
- agent/first-publish-date
- agent/description
- vendor/wow-company
- canonical/wow-company bubble menu
- canonical/wow-company button generator
- canonical/wow-company calculator-builder
- canonical/wow-company counter box
- canonical/wow-company float menu
- canonical/wow-company floating button
- canonical/wow-company herd effects
- canonical/wow-company popup box
- canonical/wow-company side menu lite
- canonical/wow-company sticky buttons
- canonical/wow-company wow skype buttons
- canonical/wow-company wp coder