What is GHSA-3q6m-7jw2-r5m4?

GHSA-3q6m-7jw2-r5m4 is a security advisory published by GitHub Security Advisories with Medium severity. The WPB Floating Menu \u0026 Categories for WordPress – Sticky Side Menu with Icons plugin for...

Which CVE IDs does GHSA-3q6m-7jw2-r5m4 cover?

GHSA-3q6m-7jw2-r5m4 covers the following CVE IDs: CVE-2026-4811. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-3q6m-7jw2-r5m4?

GHSA-3q6m-7jw2-r5m4 has a CVSS v3 base score of 4.9, published by GitHub Security Advisories.

GHSA-3q6m-7jw2-r5m4MediumCVSS 4.9

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for...

Vendor

GitHub Security Advisories

Published

May 21, 2026

Last Modified

May 21, 2026

🔗 CVE IDs covered (1)

CVE-2026-4811 →

📋 Description

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-4811
https://plugins.trac.wordpress.org/browser/wpb-floating-menu-or-categories/tags/1.0.8/admin/category-icon.php#L41
https://www.wordfence.com/threat-intel/vulnerabilities/id/961702ff-60fb-41ff-99b0-a37ade051083?source=cve
https://github.com/advisories/GHSA-3q6m-7jw2-r5m4