CVE-2020-36715

Name of the Vulnerable Software and Affected Versions Login/Signup Popup plugin for WordPress versions up to, and including, 1.4

Description The issue is related to authorization bypass due to missing capability checks on several functions. This allows authenticated attackers to inject arbitrary web scripts into the plugin settings, which can execute if a user is tricked into performing a specific action, such as clicking on a link.

Recommendations For versions up to, and including, 1.4, update to a version that includes the necessary capability checks to prevent authorization bypass.