Headline
CVE-2022-36378: WordPress Floating Div plugin <= 3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress.
Verified
Not fixed
4.8
CVSS 3.1 score Medium severity
Monitoring Coming soon
Vulnerable versions
<= 3.0
PSID
20ec0f4306c6
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires author or higher role user authentication.
Publicly disclosed
2022-07-29
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Floating Div plugin (versions <= 3.0).
Solution
No patched version available.
References