3 matches found
WordPress Popup Maker plugin <= 1.20.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via popupID Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via popupID Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin Popup Maker versions = 1.20.4...
CVE-2025-4205
creationtimestamp| type| source ---|---|--- 2025-06-03 12:14:01+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqpb7lz242y2 2025-06-03 15:43:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqpmybiqfz2p...
CVE-2025-4205 Popup Maker <= 1.20.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via popupID Parameter
The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popupID' parameter in all versions up to, and including, 1.20.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...