WordPress Popups plugin <= 1.9.3.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

2022-07-0700:00:00

Raad Haddad

patchstack.com

wordpress

popups plugin

authenticated

stored

cross-site scripting

xss

EPSS

0.001

Percentile

24.8%

JSON

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Raad Haddad in WordPress Popups plugin (versions <= 1.9.3.8).

Solution

Deactivate and delete. This plugin has been closed as of July 5, 2022 and is not available for download. This closure is temporary, pending a full review.

References

wpscan.com/vulnerability/ea0180cd-e018-43ea-88b9-fa8e71bf34bf

EPSS

0.001

Percentile

24.8%

JSON

Related for PATCHSTACK:AE7094A1D77CE1023500CFB74E57A270