CVE-2022-2404

🗓️ 26 Sep 2022 12:35:33Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 57 Views🌐 WEB

The WP Popup Builder WordPress plugin before 1.2.9 is prone to Reflected Cross-Site Scriptin

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2022-2404	21 May 202519:42	–	circl
CNNVD	WordPress plugin WP Popup Builder 跨站脚本漏洞	26 Sep 202200:00	–	cnnvd
CNVD	WordPress WP Popup Builder Cross-Site Scripting Vulnerability	28 Sep 202200:00	–	cnvd
Cvelist	CVE-2022-2404 WP Popup Builder < 1.2.9 - Reflected Cross-Site Scripting	26 Sep 202212:35	–	cvelist
EUVD	EUVD-2022-34667	3 Oct 202520:07	–	euvd
NVD	CVE-2022-2404	26 Sep 202213:15	–	nvd
OSV	CVE-2022-2404	26 Sep 202213:15	–	osv
Patchstack	WordPress WP Popup Builder plugin <= 1.2.8 - Reflected Cross-Site Scripting (XSS) vulnerability	5 Sep 202200:00	–	patchstack
Prion	Cross site scripting	26 Sep 202213:15	–	prion
Positive Technologies	PT-2022-16430 · WordPress · Popup Builder	26 Sep 202200:00	–	ptsecurity

NVD

Vulners

Node

themehunk wp_popup_builderRange<1.2.9wordpress

[
  {
    "product": "WP Popup Builder – Popup Forms , Marketing PoPuP &  Newsletter",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.2.9",
        "status": "affected",
        "version": "1.2.9",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/0d889dde-b9d5-46cf-87d3-4f8a85cf9b98

Parameter	Position	Path	Description	CWE
pos-name	query param	/wp-admin/admin.php?page=wppb&pos-name=xxx\"><script>alert(%2FXSS%2F)%3B<%2Fscript>&custom-popup=1	Reflected XSS due to unsanitized/unescaped parameter output in WP Popup Builder (CVE-2022-2404)	CWE-79
custom-popup	query param	/wp-admin/admin.php?page=wppb&pos-name=xxx\"><script>alert(%2FXSS%2F)%3B<%2Fscript>&custom-popup=1	Reflected XSS due to unsanitized/unescaped parameter output in WP Popup Builder (CVE-2022-2404)	CWE-79

21 May 2025 20:15Current

6Medium risk

Vulners AI Score6

CVSS 3.16.1

EPSS0.0023

SSVC

CWE-79