CVE-2024-5799 CM Pop-Up Banners for WordPress < 1.7.3 - Contributor+ Stored XSS

2024-09-1206:00:02

WPScan

github.com

cve-2024-5799; plugin vulnerability; wordpress security

EPSS

Percentile

9.6%

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:creativemindssolutions:cm_pop-up_banners:*:*:*:*:*:*:*:*"
    ],
    "vendor": "creativemindssolutions",
    "product": "cm_pop-up_banners",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.7.3",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]