Lucene search
WPScanCVELIST:CVE-2024-3580HistoryMay 17, 2024 - 6:00 a.m.
CVE-2024-3580 Popup4Phone <= 1.3.2 - Editor+ Stored XSS
2024-05-1706:00:02
WPScan
www.cve.org
cve-2024-3580
popup4phone
wordpress
stored xss
high privilege users
editor
unfiltered_html capability
multisite setup
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CNA Affected
[
{
"vendor": "Unknown",
"product": "Popup4Phone",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.3.2"
}
],
"defaultStatus": "affected"
}
]Related
cve
cve
CVE-2024-3580
2024-05-17 06:15:53
nvd
nvd
CVE-2024-3580
2024-05-17 06:15:53
wpvulndb
wpvulndb
Popup4Phone <= 1.3.2 - Editor+ Stored XSS
2024-04-26 00:00:00
wpexploit
wpexploit
Popup4Phone <= 1.3.2 - Editor+ Stored XSS
2024-04-26 00:00:00
vulnrichment
vulnrichment
CVE-2024-3580 Popup4Phone <= 1.3.2 - Editor+ Stored XSS
2024-05-17 06:00:02
wordfence
wordfence