PT-2019-12533 · WordPress · The Hustle

Published: 2019-05-29 · Updated: 2023-02-24 · CVE-2019-11872

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The Hustle (aka wordpress-popup) plugin version 6.0.7

Description

The issue allows for injecting malicious code into a pop-up window, potentially granting an attacker the ability to execute malicious code on the administrator's computer through Excel functions. This is due to the plugin's failure to sanitize user input, allowing the insertion of any text.

Recommendations

For version 6.0.7, consider disabling the plugin until a patch is available to prevent potential exploitation. Restrict access to the plugin's functionality to minimize the risk of malicious code injection. Avoid using the plugin to insert untrusted text into pop-up windows until the issue is resolved.
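
A check an administrator can run on an exported submissions file before opening it in Excel, as an added example that is not part of this advisory or of the plugin's code. It assumes the collected pop-up input reaches the administrator as a CSV export (the advisory does not name the file format); the function names and the sample rows are constructed for illustration.

```python
import csv
import io

# Leading characters a spreadsheet application may treat as the start of a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(cell: str) -> bool:
    """True if a spreadsheet could evaluate this cell instead of displaying it."""
    # Some importers ignore leading spaces, so look past them.
    if not cell.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return False
    try:
        float(cell)  # plain signed numbers such as -5 or +3.2 are harmless
        return False
    except ValueError:
        return True


def neutralise_export(csv_text: str):
    """Return (safe_csv_text, findings); findings are (row, column, original value)."""
    findings = []
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for r, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        safe_row = []
        for c, cell in enumerate(row, start=1):
            if is_formula_like(cell):
                findings.append((r, c, cell))
                cell = "'" + cell  # leading apostrophe forces the cell to display as text
            safe_row.append(cell)
        writer.writerow(safe_row)
    return out.getvalue(), findings


# Constructed sample export: two cells would be evaluated, "-5" is a plain number.
SAMPLE_EXPORT = (
    "email,name\n"
    "alice@example.com,Alice\n"
    "bob@example.com,=1+1\n"
    "carol@example.com,-5\n"
    '" @SUM(A1:A2)",Dave\n'
)

if __name__ == "__main__":
    cleaned, hits = neutralise_export(SAMPLE_EXPORT)
    for row_no, col_no, value in hits:
        print(f"row {row_no}, column {col_no}: formula-like cell {value!r}")
    print(cleaned, end="")
```

Any finding means a submitted value would be interpreted by the spreadsheet; review the neutralised copy rather than the original export.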

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2019-11872

Affected Products

The Hustle