The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/4bea7baa-84a2-4b21-881c-4f17822329e7/ | Exploit Third Party Advisory |
Configurations
History
25 Jul 2024, 15:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
First Time |
Cminds
Cminds cm Popup |
|
CPE | cpe:2.3:a:cminds:cm_popup:*:*:*:*:*:wordpress:*:* | |
References | () https://wpscan.com/vulnerability/4bea7baa-84a2-4b21-881c-4f17822329e7/ - Exploit, Third Party Advisory |
22 Jul 2024, 13:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
22 Jul 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-22 06:15
Updated : 2024-08-01 13:59
NVD link : CVE-2024-5004
Mitre link : CVE-2024-5004
CVE.ORG link : CVE-2024-5004
JSON object : View
Products Affected
cminds
- cm_popup
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')