CVE-2023-6591

The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

PT-2024-15016 · WordPress · Popup Box

Name of the Vulnerable Software and Affected Versions: Popup Box WordPress plugin versions prior to 20.9.0 Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks even when unfiltered html is disallowed, due to the plugin not sanitizing and...

WordPress Plugin Popup Box Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

Popup Box Pro < 20.9.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create/edit a new popup and add the following payload in the Custom Content: Save, and...

Vulnerability fixed in Adobe Reader Mobile

A vulnerability has been fixed in Adobe Reader Mobile for Android. A malicious party could exploit the vulnerability to gain access to sensitive data in the context of the victim. Adobe has released updates to fix the vulnerability in Reader Mobile 20.9.0. For more information, see:...