3 matches found
CVE-2023-5809
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-5809 Popup box < 3.8.6 - Admin+ Stored XSS in Categories
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-5809
The CVE-2023-5809 entry concerns the Popup box WordPress plugin prior to version 3.8.6. Multiple sources confirm that the plugin does not sanitize/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, including multisite deplo...