4 matches found
CVE-2023-6591
The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2023-6591
CVE-2023-6591 affects the Popup Box WordPress plugin (before 20.9.0). The issue is due to inadequate sanitization/escaping of settings, enabling stored XSS that could be executed by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Connected sources describe admin+ stor...
CVE-2023-6591 Popup Box Pro < 20.9.0 - Admin+ Stored XSS
The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2023-6591 Popup Box Pro < 20.9.0 - Admin+ Stored XSS
The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...