2 matches found
CVE-2022-3690 Popup Maker < 1.16.11 - Contributor+ Stored Cross Site Scripting
The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins...
CVE-2022-3690
CVE-2022-3690 affects the WordPress Popup Maker plugin for versions prior to 1.16.11. The issue is a stored XSS vulnerability caused by not sanitising and escaping certain popup options, allowing a user with Contributor+ privileges to inject code that could affect admins. Exploitation details and...