CVE-2024-5004

Name of the Vulnerable Software and Affected Versions: CM Popup Plugin for WordPress versions prior to 1.6.6

Description: The issue concerns the lack of sanitization and escaping of certain campaign settings, potentially allowing high-privilege users, such as contributors, to perform Stored Cross-Site Scripting attacks.

Recommendations: For versions prior to 1.6.6, update to version 1.6.6 or later to resolve the issue. As a temporary workaround, consider restricting contributor access to campaign settings until the update is applied.