24 matches found
Popup4Phone <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting
Popup4Phone WordPress plugin through 1.3.2 contains a reflected cross-site scripting vulnerability caused by unsanitized parameters, letting unauthenticated users execute scripts in admin browsers; exploitation requires sending crafted requests. id: CVE-2024-3231 info: name: Popup4Phone <= 1.3.2 - Unauthenticated...
CVE-2024-3231
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins...
WordPress Popup4Phone plugin <= 1.3.2 - Editor+ Stored XSS vulnerability
Editor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Popup4Phone versions <= 1.3.2...
WordPress Popup4Phone plugin <= 1.3.2 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Popup4Phone versions <= 1.3.2...
CVE-2024-3231
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins...
CVE-2024-3580
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-3231
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins...
CVE-2024-3580
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-3231
CVE-2024-3231 concerns the Popup4Phone WordPress plugin (versions
CVE-2024-3231 Popup4Phone <= 1.3.2 - Unauthenticated Stored XSS
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins...
CVE-2024-3231 Popup4Phone <= 1.3.2 - Unauthenticated Stored XSS
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins...
CVE-2024-3580
Popup4Phone WordPress plugin versions
CVE-2024-3580 Popup4Phone <= 1.3.2 - Editor+ Stored XSS
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-3580 Popup4Phone <= 1.3.2 - Editor+ Stored XSS
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress Plugin Popup4Phone Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Popup4Phone Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: Popup4Phone; Type: Plugin; Vulnerable versions: <= 1.3.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3580; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 9736f59d6bae; Credits: Bob Matyas; Required privilege...
WordPress Plugin Popup4Phone Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Popup4Phone Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: Popup4Phone; Type: Plugin; Vulnerable versions: <= 1.3.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3231; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 3a2ba7555452; Credits: Bob Matyas; Required...
PT-2024-24498 · WordPress · Popup4Phone
Name of the Vulnerable Software and Affected Versions: Popup4Phone WordPress plugin versions 1.3.2 and earlier Description: The issue allows unauthenticated users to perform Cross-Site Scripting attacks against admins due to the plugin not sanitising and escaping some parameters. Recommendations:...
PT-2024-26745 · WordPress · Popup4Phone Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Popup4Phone WordPress plugin versions 1.3.2 and earlier Description: The issue allows high privilege users, such as Editors, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, ...