Lucene search
John Jefferson LiWPVDB-ID:F296DE1C-B70B-4829-ABA7-4AFA24F64C51HistoryJan 22, 2024 - 12:00 a.m.
Popup Box Pro < 20.9.0 - Admin+ Stored XSS
2024-01-2200:00:00
John Jefferson Li
wpscan.com
5
popup box pro
version 20.9.0
admin
stored xss
vulnerability
unfiltered_html disallowed
arbitrary scripts
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
PoC
Create/edit a new popup and add the following payload in the Custom Content: Save, and notice the alert box appearing when visiting the blog
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 20.9.0 |
Related
wpvulndb
wpvulndb
Popup Box Pro < 7.9.0 - Admin+ Stored XSS
2024-01-22 00:00:00
prion
prion
Cross site scripting
2024-02-12 16:15:00
cve
cve
CVE-2023-6591
2024-02-12 16:15:08
cvelist
cvelist
CVE-2023-6591 Popup Box Pro < 20.9.0 - Admin+ Stored XSS
2024-02-12 16:06:00
nvd
nvd
CVE-2023-6591
2024-02-12 16:15:08
wpexploit
wpexploit
Popup Box Pro < 20.9.0 - Admin+ Stored XSS
2024-01-22 00:00:00
Popup Box Pro < 7.9.0 - Admin+ Stored XSS
2024-01-22 00:00:00
5.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for WPVDB-ID:F296DE1C-B70B-4829-ABA7-4AFA24F64C51