← voltar
CVE-2021-24425

myStickymenu < 2.5.2 - Authenticated Stored XSS

EPSS 0.6%CWE-79
The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front-page of the blog (when the Welcome bar is active)
Produtos afetados
Unknown · Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://m0ze.ru/vulnerability/%5B2021-05-21%5D-%5BWordPress%5D-%5BCWE-79%5D-MyStickymenu-WordPress-Plugin-v2.5.1.txthttps://wpscan.com/vulnerability/14632fa8-597e-49ff-8583-9797208a3583