CVE-2023-2362

Name of the Vulnerable Software and Affected Versions Float menu WordPress plugin versions prior to 5.0.2 Bubble Menu WordPress plugin versions prior to 3.0.4 Button Generator WordPress plugin versions prior to 2.3.5 Calculator Builder WordPress plugin versions prior to 1.5.1 Counter Box WordPress plugin versions prior to 1.2.2 Floating Button WordPress plugin versions prior to 5.3.1 Herd Effects WordPress plugin versions prior to 5.2.2 Popup Box WordPress plugin versions prior to 2.2.2 Side Menu Lite WordPress plugin versions prior to 4.0.2 Sticky Buttons WordPress plugin versions prior to 3.1.1 Wow Skype Buttons WordPress plugin versions prior to 4.0.2 WP Coder WordPress plugin versions prior to 2.5.6

Description The issue is related to a Reflected Cross-Site Scripting problem. This occurs because the page parameter is not properly escaped before being outputted back in an attribute. This could be exploited against high-privilege users, such as administrators.

Recommendations Update Float menu WordPress plugin to version 5.0.2 or later. Update Bubble Menu WordPress plugin to version 3.0.4 or later. Update Button Generator WordPress plugin to version 2.3.5 or later. Update Calculator Builder WordPress plugin to version 1.5.1 or later. Update Counter Box WordPress plugin to version 1.2.2 or later. Update Floating Button WordPress plugin to version 5.3.1 or later. Update Herd Effects WordPress plugin to version 5.2.2 or later. Update Popup Box WordPress plugin to version 2.2.2 or later. Update Side Menu Lite WordPress plugin to version 4.0.2 or later. Update Sticky Buttons WordPress plugin to version 3.1.1 or later. Update Wow Skype Buttons WordPress plugin to version 4.0.2 or later. Update WP Coder WordPress plugin to version 2.5.6 or later.