CVE-2024-7133: My Sticky Bar < 2.7.3 - Admin+ Stored XSS
First published: Fri Sep 13 2024(Updated: )
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| My Sticky Bar | <2.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-7133?
CVE-2024-7133 is considered a high severity vulnerability due to its potential for unauthorized data manipulation.
How do I fix CVE-2024-7133?
To fix CVE-2024-7133, update the Premio My Sticky Bar plugin to version 2.7.3 or later.
Who is affected by CVE-2024-7133?
CVE-2024-7133 affects users of the Premio My Sticky Bar plugin versions prior to 2.7.3.
What type of vulnerability is CVE-2024-7133?
CVE-2024-7133 is a stored cross-site scripting (XSS) vulnerability.
What are the potential consequences of CVE-2024-7133?
The potential consequences of CVE-2024-7133 include the ability for high-privilege users to inject malicious scripts into web pages.
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/premio
- canonical/my sticky bar