2 matches found
CVE-2020-36715
The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute i...
CVE-2020-36715
CVE-2020-36715 concerns the WordPress Login/Signup Popup plugin. Multiple connected documents confirm an authorization bypass vulnerability caused by missing capability checks in versions up to and including 1.4, enabling authenticated attackers to inject arbitrary web scripts into plugin setting...