The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CPE | Name | Operator | Version |
---|---|---|---|
popup-maker | eq | 1.16.3 | |
popup-maker | eq | 1.10.2 | |
popup-maker | eq | 1.7.17 | |
popup-maker | eq | 1.3.7 | |
popup-maker | eq | 1.5.6 | |
popup-maker | eq | 1.10.0 | |
popup-maker | eq | 1.5.5 | |
popup-maker | eq | 1.4 | |
popup-maker | eq | 1.4.8 | |
popup-maker | eq | 1.5.8 |