WordPress · Wpb Floating Menu & Categories · CVE-2026-4811
**Name of the Vulnerable Software and Affected Versions**
WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons versions prior to 1.0.9
**Description**
The plugin is subject to Stored Cross-Site Scripting (XSS), a flaw where malicious scripts are permanently stored on the target server. This occurs due to insufficient input sanitization and output escaping in the 'Icon CSS Class' category field. Authenticated attackers with Editor-level access or higher can inject arbitrary web scripts that execute when a user visits the affected page.
**Recommendations**
Update the plugin to a version later than 1.0.8.
As a temporary workaround, restrict access to the 'Icon CSS Class' category field for users with Editor-level permissions until the update is applied.
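For developers reviewing similar term-meta fields, the two controls the description names (input sanitization and output escaping) can be applied to a CSS class field as in the following added example. It is not the plugin's own code or its patch: the meta key, constant and `example_*` function names are hypothetical placeholders, and only the WordPress core functions are real.

```php
<?php
// Added example, not the plugin's code. The meta key and the example_*
// names are hypothetical placeholders; the WordPress core calls are real.

const EXAMPLE_ICON_META_KEY = 'example_icon_css_class'; // placeholder, not the plugin's key

/**
 * Reduce a free-text "icon class" value to a space-separated list of valid
 * CSS class tokens. sanitize_html_class() strips every character outside
 * [A-Za-z0-9_-], including spaces, so it is applied per token: applied to
 * "fa fa-home" as a whole it would return "fafa-home".
 */
function example_sanitize_icon_classes( $raw ) {
    if ( ! is_string( $raw ) ) {
        return ''; // arrays or missing values never reach storage or markup
    }
    $tokens = preg_split( '/\s+/', trim( $raw ), -1, PREG_SPLIT_NO_EMPTY );
    $clean  = array();
    foreach ( $tokens as $token ) {
        $token = sanitize_html_class( $token );
        if ( '' !== $token ) {
            $clean[] = $token;
        }
    }
    return implode( ' ', array_unique( $clean ) );
}

// Input side: sanitize before the value is stored with the category term.
function example_save_icon_classes( $term_id ) {
    if ( ! isset( $_POST[ EXAMPLE_ICON_META_KEY ] ) || ! current_user_can( 'manage_categories' ) ) {
        return;
    }
    $value = example_sanitize_icon_classes( wp_unslash( $_POST[ EXAMPLE_ICON_META_KEY ] ) );
    update_term_meta( $term_id, EXAMPLE_ICON_META_KEY, $value );
}
add_action( 'created_category', 'example_save_icon_classes' );
add_action( 'edited_category', 'example_save_icon_classes' );

// Output side: sanitize again and escape for the attribute context, so a
// value stored before the fix still cannot break out of class="...".
function example_render_icon( $term_id ) {
    $stored = get_term_meta( $term_id, EXAMPLE_ICON_META_KEY, true );
    return sprintf( '<i class="%s"></i>', esc_attr( example_sanitize_icon_classes( $stored ) ) );
}
```

Sanitizing on save alone leaves previously stored values untouched, which is why the render function repeats the sanitization before escaping.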