The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Metrics
Affected Vendors & Products
References
History
Wed, 09 Oct 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ays-pro
Ays-pro popup Box |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:ays-pro:popup_box:*:*:*:*:pro:wordpress:*:* | |
Vendors & Products |
Ays-pro
Ays-pro popup Box |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-02-12T16:06:00.145Z
Updated: 2024-10-28T00:08:28.341Z
Reserved: 2023-12-07T18:13:46.703Z
Link: CVE-2023-6591
Vulnrichment
Updated: 2024-08-02T08:35:14.411Z
NVD
Status : Modified
Published: 2024-02-12T16:15:08.337
Modified: 2024-11-21T08:44:09.657
Link: CVE-2023-6591
Redhat
No data.