China National Vulnerability DatabaseCNVD-2022-88256WordPress WP Popup Builder Cross-Site Scripting Vulnerability
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of WordPress WP Popup Builder prior to 1.2.8, which stems from parameters not being cleaned and escaped before being output back to the page. An attacker could exploit the vulnerability to launch a cross-site scripting attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress wp popup builder | lt | 1.2.9 |
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N