6 matches found
Cross site scripting
The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
WP Popups < 2.1.5.1 - Contributor+ Stored XSS
The plugin does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficie...
CVE-2023-24003
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Timersys WP Popups – WordPress Popup plugin = 2.1.4.8 versions...
CVE-2023-24003
CVE-2023-24003 affects the WP Popups WordPress plugin, specifically versions
CVE-2023-24003 WordPress WP Popups Plugin <= 2.1.4.8 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Timersys WP Popups – WordPress Popup plugin = 2.1.4.8 versions...
WordPress WP Popups Plugin <= 2.1.4.8 is vulnerable to Cross Site Scripting (XSS)
Software WP Popups Type Plugin Vulnerable versions = 2.1.4.8 Fixed in 2.1.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24003 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 67ff2b51dbe7 Credits Rafshanzani Suhada Requir...