First published: Mon Jul 10 2023(Updated: )
The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Credit: contact@wpscan.com contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wow-company Float Menu | <5.0.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for the Float menu WordPress plugin is CVE-2023-3225.
CVE-2023-3225 allows high privilege users to perform Stored Cross-Site Scripting attacks.
High privilege users, such as admin, can exploit CVE-2023-3225 by not sanitizing and escaping some of the plugin's settings.
No, the vulnerability CVE-2023-3225 is applicable to versions up to and excluding 5.0.3 of the Float menu plugin.
The severity level of CVE-2023-3225 is medium with a value of 4.
To fix CVE-2023-3225, update the Float menu WordPress plugin to version 5.0.3 or above.