The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks.
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/c81c1622-33d1-41f2-ba63-f06bd4c125ab/ | Exploit Third Party Advisory |
Configurations
History
27 Sep 2024, 21:27
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Premio
Premio my Sticky Bar |
|
| CWE | CWE-79 | |
| References | () https://wpscan.com/vulnerability/c81c1622-33d1-41f2-ba63-f06bd4c125ab/ - Exploit, Third Party Advisory | |
| CPE | cpe:2.3:a:premio:my_sticky_bar:*:*:*:*:*:wordpress:*:* |
13 Sep 2024, 16:35
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
13 Sep 2024, 14:06
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
13 Sep 2024, 06:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-09-13 06:15
Updated : 2024-09-27 21:27
NVD link : CVE-2024-7133
Mitre link : CVE-2024-7133
CVE.ORG link : CVE-2024-7133
JSON object : View
Products Affected
premio
- my_sticky_bar
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')