Floating Social Bar
by WordPress
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-8790 | Med | 0.40 | 6.1 | 0.00 | Oct 18, 2024 | The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to… | ||
| CVE-2024-6405 | Med | 0.40 | 6.1 | 0.00 | Jun 29, 2024 | The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for… | ||
| CVE-2025-46451 | Med | 0.38 | 5.9 | 0.00 | Apr 24, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Floating Social Bar floating-social-bar allows Stored XSS.This issue affects Floating Social Bar: from n/a through <= 1.1.7. | ||
| CVE-2015-3299 | Med | 0.33 | 6.1 | 0.02 | Sep 19, 2017 | Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order. | ||
| CVE-2015-5528 | 0.00 | — | 0.02 | Jul 16, 2015 | Cross-site scripting (XSS) vulnerability in the save_order function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the items[] parameter in an fsb_save_order action… |
- risk 0.40cvss 6.1epss 0.00
The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to…
- risk 0.40cvss 6.1epss 0.00
The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for…
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Floating Social Bar floating-social-bar allows Stored XSS.This issue affects Floating Social Bar: from n/a through <= 1.1.7.
- risk 0.33cvss 6.1epss 0.02
Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order.
- CVE-2015-5528Jul 16, 2015risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the save_order function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the items[] parameter in an fsb_save_order action…