2 matches found
CVE-2024-38744
CVE-2024-38744 (Plum: Spin Wheel & Email Pop-up) is tied to Upqode Plum plugin versions n/a through 2.0, with a Missing Authorization vulnerability that enables access to constrained functionality and stores XSS. Public sources indicate unauthenticated access to restricted features and stored XSS...
WordPress Plum: Spin Wheel & Email Pop-up Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software Plum: Spin Wheel & Email Pop-up Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A1: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38744 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 688ef82694b8 Credits Ananda Dhakal Patchstack...