2 matches found
CVE-2022-2115
CVE-2022-2115 affects the WordPress plugin Popup Anything, where versions before 2.1.7 do not sanitize or escape a parameter before echoing it on a frontend page, enabling reflected XSS. The root cause is improper input handling in output rendering (frontend page). Exploitation guidance is availa...
CVE-2021-24883
The CVE-2021-24883 entry concern is confirmed by multiple connected sources: the WordPress Popup Anything plugin (versions up to and including 2.0.3) fails to escape the Link Text and Button Text fields in Popup, causing a Stored Cross-Site Scripting (XSS) vulnerability. The issue can be exploite...