4 matches found
WordPress Popup Maker Plugin < 1.18.3 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:code-atlantic:popupmaker"; ifdescription...
CVE-2024-2336
The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-2336
CVE-2024-2336 affects the WordPress plugin Popup Maker – Popup for opt-ins, lead gen, & more. All versions up to 1.18.2 are vulnerable to Stored Cross‑Site Scripting via shortcode attributes due to insufficient input sanitization/output escaping. Exploitation requires contributor‑level privileges...
WordPress Popup Maker Plugin <= 1.18.2 is vulnerable to Cross Site Scripting (XSS)
Software Popup Maker Type Plugin Vulnerable versions = 1.18.2 Fixed in 1.18.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2336 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f2e61eb496fe Credits Tim Coen Required privileg...