Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-11-21
CVE-2023-3650 - Bubble Menu Plugin
The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
PLUGIN
Bubble Menu
CVE-2023-3650
Risk Score
Threat Entry
Updated 2025-05-05
CVE-2023-2362 - Bubble Menu Plugin
The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to…
PLUGIN
Bubble Menu
CVE-2023-2362
Risk Score