Lucene search
Dipak Panchal (th3.d1pak)WPVDB-ID:941A9AA7-F4B2-474A-84D9-9A74C99079E2HistoryAug 30, 2023 - 12:00 a.m.
Popup Builder < 4.2.0 - Admin+ Stored Cross-Site Scripting
2023-08-3000:00:00
Dipak Panchal (th3.d1pak)
wpscan.com
3
popup builder
stored cross-site scripting
admin
vulnerability
wordpress
0.0004 Low
EPSS
Percentile
14.2%
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Note: The vendor was made aware of the issue on June 14 and 28, 2023
PoC
1. Click on “Add New”, and select the image popup. 2. Navigate to “Settings” and enable the “Floating Button” option. 3. Enter the XSS payload in the Text field: [Click Here](<javascript:alert\(document.cookie\)>) 4. Clicking on the button will get the popup. This XSS payload works on WordPress Admin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 4.2.0 |
Related
wpexploit
wpexploit
Popup Builder < 4.2.0 - Admin+ Stored Cross-Site Scripting
2023-08-30 00:00:00
openvas
openvas
WordPress Popup Builder Plugin < 4.2.0 XSS Vulnerability
2023-09-26 00:00:00
prion
prion
Cross site scripting
2023-09-25 16:15:00
cvelist
cvelist
CVE-2023-3226 Popup Builder < 4.2.0 - Admin+ Stored Cross-Site Scripting
2023-09-25 15:56:52
cve
cve
CVE-2023-3226
2023-09-25 16:15:14
nvd
nvd
CVE-2023-3226
2023-09-25 16:15:14
wordfence
wordfence