**Name of the Vulnerable Software and Affected Versions**

Popup Maker plugin for WordPress versions prior to 1.20.7

**Description**

The Popup Maker plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses an injected page. The vulnerability exists through the `title` parameter.

**Recommendations**

Update the Popup Maker plugin to version 1.20.7 or later.