patchstack | Ananda Dhakal (Patchstack) | PATCHSTACK:4C025876B45CD250E51837E6C3A7582A
History: Jul 11, 2024 - 12:00 a.m.

WordPress Plum: Spin Wheel & Email Pop-up Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

2024-07-11 00:00:00
Ananda Dhakal (Patchstack)
patchstack.com
wordpress plum plugin
spin wheel & email pop-up
cross site scripting
vulnerability
cve-2024-38744
patchstack
unauthenticated

AI Score

6.3

Confidence

High

EPSS

0

Percentile

9.9%

Software

Plum: Spin Wheel & Email Pop-up

Type

Plugin

Vulnerable versions

<= 2.0

Fixed in

N/A

OWASP Top 10

A1: Injection

Classification

Cross Site Scripting (XSS)

CVE

CVE-2024-38744

Patch priority

High

CVSS severity

High (8.3)

PSID

688ef82694b8

Credits

Ananda Dhakal (Patchstack)

Required privilege

Unauthenticated

Published

11 July, 2024

Remove and replace plugin

Solution

We advise mitigating or resolving the vulnerability immediately.

Affected configurations

Vulners
Node: mypopups pop-up, Range 2.0, wordpress
Vendor: mypopups
Product: pop-up
Version: *
CPE: cpe:2.3:a:mypopups:pop-up:*:*:*:*:*:wordpress:*:*
