WordPress Floating Social Media Icon plugin <= 4.3.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
CVSS 3.1 score
Not reported to be exploited
Floating Social Media Icon
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Requires high role user authentication like admin.
Patchstack vPatch available since
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Floating Social Media Icon plugin (versions <= 4.3.5).
Deactivate and delete. This plugin has been closed as of October 27, 2021 and is not available for download. This closure is temporary, pending a full review.