wpexploit
Roel van Beurden
WPEX-ID:4D4709F3-AD38-4519-A24A-73BC04B20E52
History: Apr 12, 2022 - 12:00 a.m.

Popup Maker < 1.16.5 - Admin+ Stored Cross-Site Scripting


EPSS: 0.001 (percentile: 38.3%)

The plugin does not sanitise and escape some of its Popup settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Go to Popup Maker > Create Popup > Popup Settings > Triggers > Add New Cookie > Add > Cookie Time and overwrite the default '1 month' with the following XSS payload: <script>alert('XSS');</script>

Click 'Update' and Save/Update the Popup. The XSS will be triggered when editing the popup again.
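
The missing controls described above, sketched as an added example (not Popup Maker's code and not the vendor's patch): validate the Cookie Time value when it is saved, and escape it again when the edit screen renders it. The function names, the `cookie_time` field name and the accepted "number unit" format are assumptions for illustration; inside WordPress the usual counterparts are sanitize_text_field() on save and esc_attr() on output.

```php
<?php
// Added example: hypothetical helpers, not code from the plugin.

// Save path: accept only relative-time phrases such as "1 month" or
// "2 weeks 3 days" (assumed format); everything else becomes the default.
function sanitize_cookie_time(string $raw, string $default = '1 month'): string
{
    $value = strtolower(trim($raw));
    $unit  = '(?:second|minute|hour|day|week|month|year)s?';
    $regex = '/\A\d{1,4} ' . $unit . '(?: \d{1,4} ' . $unit . ')*\z/';

    return preg_match($regex, $value) === 1 ? $value : $default;
}

// Output path: escape for an HTML attribute context even if the value was
// validated on save, so rows stored before a fix are rendered inert too.
function render_cookie_time_field(string $stored): string
{
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<input type="text" name="cookie_time" value="' . $safe . '">';
}

// Constructed inputs: the default, a compound value, and the payload
// quoted in the advisory text.
$samples = ['1 month', '2 Weeks 3 days', "<script>alert('XSS');</script>"];
foreach ($samples as $raw) {
    printf("%-34s -> saved as: %s\n", $raw, sanitize_cookie_time($raw));
}

// A legacy value stored without sanitisation is still escaped on render.
echo render_cookie_time_field("<script>alert('XSS');</script>"), "\n";
```

Both layers apply regardless of the user's role, which is the point of the advisory: when unfiltered_html is disallowed, an administrator's input has to be treated like any other untrusted setting.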
