CVE-2023-4390

The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:ays-pro:popup_box:*:*:*:*:*:wordpress:*:*

History

08 Nov 2023, 17:28

Type Values Removed Values Added
CPE cpe:2.3:a:ays-pro:popup_box:*:*:*:*:*:wordpress:*:*
CWE CWE-79
First Time Ays-pro
Ays-pro popup Box
References (MISC) https://wpscan.com/vulnerability/9fd2eb81-185d-4d42-8acf-925664b7cb2f - (MISC) https://wpscan.com/vulnerability/9fd2eb81-185d-4d42-8acf-925664b7cb2f - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8

07 Nov 2023, 04:22

Type Values Removed Values Added
CWE CWE-79

31 Oct 2023, 14:23

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-31 14:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-4390

Mitre link : CVE-2023-4390

CVE.ORG link : CVE-2023-4390


JSON object : View

Products Affected

ays-pro

  • popup_box
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')