3 matches found
CVE-2022-4716
The CVE-2022-4716 issue affects the WP Popups WordPress plugin prior to version 2.1.4.8. The root cause is that the plugin does not validate and escape certain shortcode attributes before outputting them, enabling Stored Cross-Site Scripting (Stored XSS) where low-privilege users (as low as Contr...
CVE-2023-1905
The CVE-2023-1905 vuln concerns the WP Popups WordPress plugin prior to version 2.1.5.1. The issue is an insufficient escape of the href attribute for the spu-facebook-page shortcode, leading to potential Stored XSS for users with the contributor role or higher when the shortcode is embedded in a...
CVE-2023-24003
CVE-2023-24003 affects the WP Popups WordPress plugin, specifically versions