Cross-Site Scripting Vulnerability in Floating Social Bar Plugin for WordPress
CVE-2015-5528

Currently unrated

Key Information:

Vendor
WordPress
CVE Published:
16 July 2015

Summary

A cross-site scripting (XSS) vulnerability exists in the Floating Social Bar plugin for WordPress, in the save_order function in class-floating-social-bar.php. It allows attackers to inject arbitrary web script or HTML through the items[] parameter of an fsb_save_order action sent to wp-admin/admin-ajax.php. Successful exploitation could lead to unauthorized user actions and data exposure, compromising site security.

Timeline

  • Vulnerability published

  • Vulnerability Reserved