CVE-2023-2362 — MEDIUM (6.1)

Q: How severe is CVE-2023-2362?

CVE-2023-2362 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-2362?

Check the references section above for vendor advisories and patch information. Affected products include: Wow-Company Bubble Menu, Wow-Company Button Generator, Wow-Company Calculator-Builder, Wow-Company Counter Box, Wow-Company Float Menu.

Vulnerability Description

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Wow-Company	Bubble Menu	< 3.0.4
Wow-Company	Button Generator	< 2.3.5
Wow-Company	Calculator-Builder	< 1.5.1
Wow-Company	Counter Box	< 1.2.2
Wow-Company	Float Menu	< 5.0.2
Wow-Company	Floating Button	< 5.3.1
Wow-Company	Herd Effects	< 5.2.2
Wow-Company	Popup Box	< 2.2.2
Wow-Company	Side Menu Lite	< 4.0.2
Wow-Company	Sticky Buttons	< 3.1.1
Wow-Company	Wow Skype Buttons	< 4.0.2
Wow-Company	Wp Coder	< 2.5.6

References

https://wpscan.com/vulnerability/27e70507-fd68-4915-88cf-0b96ed55208eExploitThird Party Advisory
https://wpscan.com/vulnerability/27e70507-fd68-4915-88cf-0b96ed55208eExploitThird Party Advisory

FAQ

What is CVE-2023-2362?

CVE-2023-2362 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box W...

How severe is CVE-2023-2362?

CVE-2023-2362 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-2362?

Check the references section above for vendor advisories and patch information. Affected products include: Wow-Company Bubble Menu, Wow-Company Button Generator, Wow-Company Calculator-Builder, Wow-Company Counter Box, Wow-Company Float Menu.