The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficient fix of CVE-2023-24003.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/b6ac3e15-6f39-4514-a50d-cca7b9457736 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-05-08T13:58:00.447Z
Updated: 2023-05-08T13:58:00.447Z
Reserved: 2023-04-06T09:52:21.902Z
Link: CVE-2023-1905
NVD Information
Status: Modified
Published: 2023-05-08T14:15:13.417
Modified: 2023-11-07T04:05:19.383
Link: CVE-2023-1905
Redhat Information
No data.
CWE
No CWE.