The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltred_html is disallowed
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/68af14ef-ca66-40d6-a1e5-09f74e2cd971 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-07-11T12:56:21
Updated: 2022-07-11T12:56:21
Reserved: 2022-05-26T00:00:00
Link: CVE-2022-1894
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-07-11T13:15:08.753
Modified: 2022-07-15T19:25:20.513
Link: CVE-2022-1894
JSON object: View
Redhat Information
No data.
CWE