CVE-2024-7133

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks.
References
Configurations

Configuration 1

cpe:2.3:a:premio:my_sticky_bar:*:*:*:*:*:wordpress:*:*

History

27 Sep 2024, 21:27

| Type | Values Removed | Values Added |
|---|---|---|
| First Time | | Premio my Sticky Bar; Premio |
| CPE | | cpe:2.3:a:premio:my_sticky_bar:*:*:*:*:*:wordpress:*:* |
| CWE | | CWE-79 |
| References | https://wpscan.com/vulnerability/c81c1622-33d1-41f2-ba63-f06bd4c125ab/ | https://wpscan.com/vulnerability/c81c1622-33d1-41f2-ba63-f06bd4c125ab/ - Exploit, Third Party Advisory |

13 Sep 2024, 16:35

| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 4.8 |

13 Sep 2024, 14:06

| Type | Values Removed | Values Added |
|---|---|---|
| Summary | | (es) The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate or escape some of its settings before displaying them again on the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks. |

13 Sep 2024, 06:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-09-13 06:15

Updated : 2024-09-27 21:27


NVD link : CVE-2024-7133

Mitre link : CVE-2024-7133

CVE.ORG link : CVE-2024-7133



Products Affected

premio

  • my_sticky_bar

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')