How can this vulnerability impact me? :

This vulnerability allows attackers with Editor-level access or above to inject malicious scripts that execute in the context of other users visiting the affected pages.

The impact includes potential compromise of user sessions, theft of sensitive information, or unauthorized actions performed on behalf of users without their consent.

The CVSS score of 4.9 indicates a medium severity with high confidentiality impact but no impact on integrity or availability.

Useful 0 Not Useful 0

Can you explain this vulnerability to me?

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin is vulnerable to Stored Cross-Site Scripting (XSS) through the 'Icon CSS Class' category field. This vulnerability exists in all versions up to and including 1.0.8 due to insufficient input sanitization and output escaping.

Authenticated attackers with Editor-level access or higher can inject arbitrary web scripts into pages. These scripts execute whenever a user accesses the injected page, potentially compromising the security of users.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

The vulnerability affects all versions up to and including 1.0.8 of the WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin. Immediate mitigation steps include updating the plugin to a version later than 1.0.8 where the vulnerability is fixed.

Additionally, restrict Editor-level access and above to trusted users only, as the vulnerability requires authenticated users with Editor-level permissions to exploit.

Useful 0 Not Useful 0