3 matches found
CVE-2021-24883
The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2021-24883
The CVE-2021-24883 entry concern is confirmed by multiple connected sources: the WordPress Popup Anything plugin (versions up to and including 2.0.3) fails to escape the Link Text and Button Text fields in Popup, causing a Stored Cross-Site Scripting (XSS) vulnerability. The issue can be exploite...
CVE-2021-24883 Popup Anything < 2.0.4 - Contributor+ Stored Cross-Site Scripting
The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...