CVE-2023-2362: 
WordPress vulnerability analysis and mitigation

CVE-2023-2362 affects multiple WordPress plugins developed by Wow-Company. The vulnerability was discovered and publicly disclosed on May 22, 2023. The affected plugins include Float Menu (before 5.0.2), Bubble Menu (before 3.0.4), Button Generator (before 2.3.5), Calculator Builder (before 1.5.1), Counter Box (before 1.2.2), Floating Button (before 5.3.1), Herd Effects (before 5.2.2), Popup Box (before 2.2.2), Side Menu Lite (before 4.0.2), Sticky Buttons (before 3.1.1), Wow Skype Buttons (before 4.0.2), and WP Coder (before 2.5.6) (WPScan).

The vulnerability is a Reflected Cross-Site Scripting (XSS) issue that occurs because the plugins do not properly escape the page parameter before outputting it back in an attribute. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. It is classified as CWE-79: Cross-Site Scripting (NVD, WPScan).

This vulnerability could be exploited against high-privilege users such as administrators. When successfully exploited, it allows attackers to execute malicious scripts in the context of the victim's browser session (WPScan).

Users should update their installations to the fixed versions: Float Menu 5.0.2, Bubble Menu 3.0.4, Button Generator 2.3.5, Calculator Builder 1.5.1, Counter Box 1.2.2, Floating Button 5.3.1, Herd Effects 5.2.2, Popup Box 2.2.2, Side Menu Lite 4.0.2, Sticky Buttons 3.1.1, Wow Skype Buttons 4.0.2, and WP Coder 2.5.6 (WPScan).