The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
History

Wed, 09 Oct 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Ays-pro
Ays-pro popup Box
Weaknesses CWE-79
CPEs cpe:2.3:a:ays-pro:popup_box:*:*:*:*:pro:wordpress:*:*
Vendors & Products Ays-pro
Ays-pro popup Box
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-02-12T16:06:00.145Z

Updated: 2024-10-28T00:08:28.341Z

Reserved: 2023-12-07T18:13:46.703Z

Link: CVE-2023-6591

cve-icon Vulnrichment

Updated: 2024-08-02T08:35:14.411Z

cve-icon NVD

Status : Modified

Published: 2024-02-12T16:15:08.337

Modified: 2024-11-21T08:44:09.657

Link: CVE-2023-6591

cve-icon Redhat

No data.