Lucene search
WpvulndbWPVDB-ID:916C9EB3-0D35-47C2-AB64-150C3476DE0DHistoryNov 23, 2023 - 12:00 a.m.
Poptin < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
2023-11-2300:00:00
wpscan.com
10
wordpress
cross-site scripting
input sanitization
Description The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘poptin-form’ shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Related
cvelist
cvelist
CVE-2023-4961
2023-10-20 07:29:21
nvd
nvd
CVE-2023-4961
2023-10-20 08:15:12
prion
prion
Cross site scripting
2023-10-20 08:15:00
cve
cve
CVE-2023-4961
2023-10-20 08:15:12
wordfence
wordfence
AI Score
5.9
Confidence
High
EPSS
0.001
Percentile
24.4%
Related for WPVDB-ID:916C9EB3-0D35-47C2-AB64-150C3476DE0D