Lucene search

PatchstackCVE-2024-39626

HistoryAug 01, 2024 - 11:15 p.m.

CVE-2024-39626

2024-08-0123:15:50

CWE-79

Patchstack

web.nvd.nist.gov

input neutralization web page generation

xss vulnerability

stored xss

pretty simple popup builder

version 1.0.7

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

Percentile

14.7%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in 5 Star Plugins Pretty Simple Popup Builder allows Stored XSS.This issue affects Pretty Simple Popup Builder: from n/a through 1.0.7.

Affected configurations

Nvd

Vulners

Node

5starpluginspretty_simple_popup_builderRange≤1.0.8wordpress

VendorProductVersionCPE
5starpluginspretty_simple_popup_builder*cpe:2.3:a:5starplugins:pretty_simple_popup_builder:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
5starplugins	pretty_simple_popup_builder	*	cpe:2.3:a:5starplugins:pretty_simple_popup_builder::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "pretty-simple-popup-builder",
    "product": "Pretty Simple Popup Builder",
    "vendor": "5 Star Plugins",
    "versions": [
      {
        "lessThanOrEqual": "1.0.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/pretty-simple-popup-builder/wordpress-pretty-simple-popup-builder-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve