CVE-2024-3641 Newsletter Popup <= 1.2 - Unauthenticated Stored XSS

2024-05-1606:00:01

WPScan

github.com

cve-2024-3641

wordpress

cross-site scripting

AI Score

6.3

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Newsletter Popup",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "1.2"
      }
    ],
    "defaultStatus": "affected"
  }
]