Cross-Site Scripting Flaw in Floating Social Bar Plugin for WordPress
CVE-2015-3299

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Floating Social Bar
Vendor
CVE Published:
19 September 2017

What is CVE-2015-3299?

The Floating Social Bar plugin for WordPress is vulnerable to a Cross-Site Scripting (XSS) issue that permits remote attackers to inject arbitrary web scripts or HTML into user interfaces. This vulnerability can be exploited through specific vectors related to the original service order, compromising site security and user data. Website administrators are advised to update to version 1.1.7 or later to mitigate these risks.

References

https://plugins.trac.wordpress.org/changeset/1129648/floa...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/74053
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2015/04/13/10
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.