exploitDog

CVE-2024-3236

Опубликовано: 17 июн. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks.

Ссылки

https://wpscan.com/vulnerability/a6c2da28-dc03-4bcc-a6c3-ee55a73861db/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a6c2da28-dc03-4bcc-a6c3-ee55a73861db/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ghozylab:popup_builder:*:*:*:*:*:wordpress:*:*

Версия до 1.1.33 (исключая)

EPSS

Процентиль: 44%

0.00219

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-qp28-67v3-65qc

CVSS3: 5.4

github

больше 1 года назад

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks.

EPSS

Процентиль: 44%

0.00219

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79