Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2023-4390
HistoryOct 31, 2023 - 1:54 p.m.

CVE-2023-4390 Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting

2023-10-3113:54:45
WPScan
www.cve.org
2
cross-site scripting
wordpress
popup box

EPSS

0

Percentile

14.0%

JSON

The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Popup box",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.7.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

prion 1
wpexploit 1
nvd 1
wpvulndb 1
cve 1
prion
prion
Design/Logic Flaw
2023-10-31 14:15:00
wpexploit
wpexploit
Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting
2023-10-09 00:00:00
nvd
nvd
CVE-2023-4390
2023-10-31 14:15:11
wpvulndb
wpvulndb
Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting
2023-10-09 00:00:00
cve
cve
CVE-2023-4390
2023-10-31 14:15:11

EPSS

0

Percentile

14.0%

JSON
Related for CVELIST:CVE-2023-4390
prion1wpexploit1nvd1wpvulndb1cve1