Lucene search
C3p0d4yWPEX-ID:725F6AE4-7EC5-4D7C-9533-C9B61B59CC2BHistoryOct 31, 2022 - 12:00 a.m.
Popup Maker < 1.16.11 - Contributor+ Stored Cross Site Scripting
2022-10-3100:00:00
c3p0d4y
94
popup maker version 1.16.11
contributor+
stored cross site scripting
new popup
trigger settings
on popup close
cookie
xss exploit
0.001 Low
EPSS
Percentile
24.8%
The plugin does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins
Create a New popup
Insert pop-up name, title, and body text.
Add a new trigger with default settings, choose "Click Open" and under "On Popup Close" then click add.
Click add new cookie and in the cookie name add the payload as cookie name: <script>alert("XSS")</script>
The XSS will be triggered when editing a trigger Related
patchstack
patchstack
nvd
nvd
CVE-2022-3690
2022-11-21 11:15:20
osv
osv
CVE-2022-3690
2022-11-21 11:15:20
prion
prion
Cross site scripting
2022-11-21 11:15:00
cvelist
cvelist
wpvulndb
wpvulndb
Popup Maker < 1.16.11 - Contributor+ Stored Cross Site Scripting
2022-10-31 00:00:00
cve
cve
CVE-2022-3690
2022-11-21 11:15:20
openvas
openvas
WordPress Popup Maker Plugin < 1.16.11 XSS Vulnerability
2023-02-23 00:00:00
cnvd
cnvd
WordPress Popup Maker Cross-Site Scripting Vulnerability
2022-11-23 00:00:00