Vulnerabilities and security researches forfloat-menu float-menu

Jun 06, 2024

CVE, Research URL: CVE-2024-2405
Home page URL: Security reports for Float menu – awesome floating side menu
Application: Float menu – awesome floating side menu
Date: May 02, 2024
Research Description: The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-0313
Home page URL: Security reports for Float menu – awesome floating side menu
Application: Float menu – awesome floating side menu
Date: Feb 21, 2022
Research Description: The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-3225
Home page URL: Security reports for Float menu – awesome floating side menu
Application: Float menu – awesome floating side menu
Date: Jul 10, 2023
Research Description: The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-2362
Home page URL: Security reports for Float menu – awesome floating side menu
Application: Float menu – awesome floating side menu
Date: Jun 12, 2023
Research Description: The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions: Min -, max -.
Status: vulnerable

Apr 03, 2025

CVE, Research URL: CVE-2025-30912
Home page URL: Security reports for Float menu – awesome floating side menu
Application: Float menu – awesome floating side menu
Date: Mar 27, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through 6.1.2.
Affected versions: Min -, max -.
Status: vulnerable