5 matches found
CVE-2023-1905
The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-1905 WP Popups < 2.1.5.1 - Contributor+ Stored XSS
The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-1905 WP Popups < 2.1.5.1 - Contributor+ Stored XSS
The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-1905
The CVE-2023-1905 vuln concerns the WP Popups WordPress plugin prior to version 2.1.5.1. The issue is an insufficient escape of the href attribute for the spu-facebook-page shortcode, leading to potential Stored XSS for users with the contributor role or higher when the shortcode is embedded in a...
WordPress WP Popups Plugin < 2.1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software WP Popups Type Plugin Vulnerable versions 2.1.5.1 Fixed in 2.1.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1905 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 10bebf67691e Credits Erwan LR Required...