CVE-2022-36378

Name of the Vulnerable Software and Affected Versions PluginlySpeaking Floating Div plugin version 3.0 and earlier

Description The issue is an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with at least author or higher user role can inject malicious scripts into the website, potentially affecting other users. The estimated number of potentially affected devices worldwide is not available.

Recommendations For PluginlySpeaking Floating Div plugin version 3.0 and earlier, update to a version later than 3.0 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality for users with author or higher roles until a patch is available.