Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbPrasad BorvankarWPVDB-ID:9FD2EB81-185D-4D42-8ACF-925664B7CB2F
HistoryOct 09, 2023 - 12:00 a.m.

Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting

2023-10-0900:00:00
Prasad Borvankar
wpscan.com
popup box
admin
stored cross-site scripting
plugin
unfiltered_html
capability
multisite
xss
homepage

0.0004 Low

EPSS

Percentile

14.0%

JSON

Description The plugin does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PoC

1. Create a new PopUp Box within the plugin. 2. In the “Custom Content” and Popup Description fields, enter the following payload when in text mode: 3. The XSS will be triggered when editing the Popup up again, or when accessing the frontend (such as the homepage)

CPENameOperatorVersion
eq3.7.2

Related

prion 1
wpexploit 1
nvd 1
cvelist 1
cve 1
prion
prion
Design/Logic Flaw
2023-10-31 14:15:00
wpexploit
wpexploit
Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting
2023-10-09 00:00:00
nvd
nvd
CVE-2023-4390
2023-10-31 14:15:11
cvelist
cvelist
CVE-2023-4390 Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting
2023-10-31 13:54:45
cve
cve
CVE-2023-4390
2023-10-31 14:15:11

0.0004 Low

EPSS

Percentile

14.0%

JSON
Related for WPVDB-ID:9FD2EB81-185D-4D42-8ACF-925664B7CB2F
prion1wpexploit1nvd1cvelist1cve1