WP Popups < 2.1.5.1 - Contributor+ Stored XSS

The plugin does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficie...

Apple Safari PDF Arbitrary Script Execution Vulnerability

Apple Safari is a popular WEB browser. A security vulnerability exists in Apple Safari that allows an attacker to construct a malicious URI containing an embedded PDF page, which induces a user to visit it and execute arbitrary script code in the context of the target user...