CVE-2022-2709

CVE-2022-2709: Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Float to Top Button

Weakness CWE-79 · XSS

Published September 19, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Key dates

02Disclosure timeline

September 19, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2709

Related vulnerabilities

04Related CVE

CVE-2025-28921 WordPress SpatialMatch IDX plugin <= 3.0.9 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-13676 JustClick registration plugin <= 0.1 - Reflected Cross-Site Scripting via PHP_SELF CVE-2024-56024 WordPress Custom Dashboard Widget plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2017-6654 CVE-2017-8440