Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in 12 plugins by Wow-Company

  • Severity: medium-risk
  • Status: Fixed
  • Publication: May 22, 2023

Several plugins created by Wow-Company have a security flaw which makes it possible for unauthenticated attackers to inject malicious scripts into webpages. This vulnerability exists in various versions of the plugins and is caused by insufficient checking for input and lack of properly escaping output. It can be exploited if a user is tricked into doing something like clicking on a link.

Detected in:

Bubble Menu – circle floating menu fixed vulnerable versions: >= * <= 3.0.3
Bubble Menu – Floating Button Menu with Sticky Navigation fixed vulnerable versions:
Bubble Menu – Sticky Navigation with Floating Button Menu Solution fixed vulnerable versions:
Button Generator – easily Button Builder fixed vulnerable versions: >= * <= 2.3.4
Button Generator – Easily Create Custom Buttons with Icons and Analytics fixed vulnerable versions:
Calculator Builder fixed vulnerable versions: >= * <= 1.5.0
Calculator Builder – Create an Online Calculator fixed vulnerable versions:
Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress fixed vulnerable versions:
Counter Box – WordPress plugin for countdown, timer, counter fixed vulnerable versions: >= * <= 1.2.1
Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site fixed vulnerable versions:
Counter Box: Create Engaging Countdowns, Timers & Counters fixed vulnerable versions:
Float menu – awesome floating side menu fixed vulnerable versions: >= * <= 5.0.1
Floating button fixed vulnerable versions: >= * <= 5.3.0
Herd Effects – fake notifications and social proof plugin fixed vulnerable versions: >= * <= 5.2.1
Herd Effects – Social Proof and Notification Plugin fixed vulnerable versions:
Popup Box – Easily Create WordPress Popups fixed vulnerable versions:
Popup Box – new WordPress popup plugin fixed vulnerable versions: >= * <= 2.2.1
Popup Box: Create Custom WordPress Popups Easily fixed vulnerable versions:
Popup Box: Create Popups Easily fixed vulnerable versions:
Side Menu Lite – add sticky fixed buttons fixed vulnerable versions: >= * <= 4.0.1
Side Menu Lite – Sticky Floating Side Menu fixed vulnerable versions:
Social Proof Popups & Real-Time Notifications – Herd Effects fixed vulnerable versions:
Sticky Buttons – floating buttons builder fixed vulnerable versions: >= * <= 3.1.0
Wow Skype Buttons fixed vulnerable versions: >= * <= 4.0.1
WP Coder – Code Snippets + HTML, CSS, JS and PHP Injection fixed vulnerable versions:
WP Coder – Insert & Manage Code Snippets fixed vulnerable versions:
WP Coder – Insert Custom PHP, HTML, CSS & JS in WordPress fixed vulnerable versions:
WP Coder – Powerful HTML, CSS & JS Injection fixed vulnerable versions:
WP Coder – Powerful HTML, CSS, JS and PHP Injection fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.