QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24992

Published: Dec 27, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Vendor	Product	Versions
Unknown	Smart Floating / Sticky Buttons – Call, Sharing, Chat Widgets & More – Buttonizer	affected `2.5.5 - < 2.5.5`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/db0b9480-2ff4-423c-a745-68e983ffa12b

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.