Skip to main content

Bubble Menu

3 CVEs product

Monthly

CVE-2023-3650 MEDIUM POC This Month

The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bubble Menu
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2362 MEDIUM POC This Month

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bubble Menu Button Generator Calculator Builder +9
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23984 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu - circle floating menu plugin <= 3.0.1 leading to form deletion. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Bubble Menu
NVD
CVSS 3.1
4.3
EPSS
0.1%
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bubble Menu
NVD WPScan
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bubble Menu +11
NVD WPScan
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu - circle floating menu plugin <= 3.0.1 leading to form deletion. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Bubble Menu
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy