Lucene search
HistoryJan 01, 2024 - 3:15 p.m.
CVE-2023-6000
popup builder
wordpress
visitor
update
stored xss
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
6.1
Confidence
High
EPSS
0.001
Percentile
17.0%
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.
Affected configurations
Node
sygnoospopup_builderRange<4.2.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sygnoos | popup_builder | * | cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
CVE-2023-6000 Popup Builder < 4.2.3 - Unauthenticated Stored XSS
2024-01-01 14:18:56
thn
thn
prion
prion
Cross site scripting
2024-01-01 15:15:00
openvas
openvas
WordPress Popup Builder Plugin < 4.2.3 XSS Vulnerability
2024-01-12 00:00:00
wpvulndb
wpvulndb
Popup Builder < 4.2.3 - Unauthenticated Stored XSS
2023-12-11 00:00:00
cve
cve
CVE-2023-6000
2024-01-01 15:15:43
wpexploit
wpexploit
Popup Builder < 4.2.3 - Unauthenticated Stored XSS
2023-12-11 00:00:00
wordfence
wordfence
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
6.1
Confidence
High
EPSS
0.001
Percentile
17.0%
Related for NVD:CVE-2023-6000