WordPress Popup4Phone Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Popup4Phone Type Plugin Vulnerable versions = 1.3.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3231 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3a2ba7555452 Credits Bob Matyas Required...

PT-2024-26745 · WordPress · Popup4Phone Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Popup4Phone WordPress plugin versions 1.3.2 and earlier Description: The issue allows high privilege users, such as Editors, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, ...