PT-2023-17329 · WordPress · Wp Popups
Erwan Lr
·
Published
2023-05-08
·
Updated
2025-01-29
·
CVE-2023-1905
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WP Popups WordPress plugin versions prior to 2.1.5.1
Description
The issue arises from insufficient escaping of the
href attribute in the spu-facebook-page shortcode, potentially allowing Stored Cross-Site Scripting attacks by users with the contributor role and above.Recommendations
For WP Popups WordPress plugin versions prior to 2.1.5.1, update to version 2.1.5.1 or later to resolve the issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wp Popups