Popup Manager by Cohhe <= 1.6.6 - Unauthenticated Stored XSS
LANACOMMONVDB ID: 54f88f13-1330-408e-9628-7a5352e2492d
The plugin does not perform authorization or Cross-Site Request Forgery (CSRF) checks when creating or updating popups, and it is missing both sanitisation and escaping. This could allow unauthenticated attackers to create arbitrary popups and add Stored Cross-Site Scripting (XSS) payloads to them.
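The four missing controls named above, shown on a popup save and render path as an added example; this is not the plugin's code. The action, option and field names (`example_popup_save`, `example_popup`, `title`, `body`, `nonce`) are hypothetical, and the block assumes it is loaded inside WordPress.

```php
<?php
// Added example: hypothetical handler and option names, not the plugin's code.
// Assumes a WordPress environment; every function called is a WordPress core API.

// Register only the authenticated hook. Not registering wp_ajax_nopriv_*
// keeps logged-out visitors from reaching the handler at all.
add_action( 'wp_ajax_example_popup_save', 'example_popup_save' );

function example_popup_save() {
    // 1. CSRF: stop unless the request carries a valid nonce for this action.
    check_ajax_referer( 'example_popup_save', 'nonce' );

    // 2. Authorization: only users who may manage site options can write.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Sanitisation on input: plain text for the title, a restricted
    //    HTML subset (no <script>, no event handlers) for the body.
    $title = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    $body  = wp_kses_post( wp_unslash( $_POST['body'] ?? '' ) );

    update_option( 'example_popup', array( 'title' => $title, 'body' => $body ) );
    wp_send_json_success();
}

// 4. Escaping on output: treat stored data as untrusted when rendering,
//    so a value written before these checks existed cannot execute either.
function example_popup_render() {
    $popup = get_option( 'example_popup', array() );
    if ( empty( $popup ) ) {
        return;
    }
    printf(
        '<div class="example-popup"><h2>%s</h2><div>%s</div></div>',
        esc_html( $popup['title'] ?? '' ),
        wp_kses_post( $popup['body'] ?? '' )
    );
}
add_action( 'wp_footer', 'example_popup_render' );
```

Filtering again at render time matters for remediation: popups stored while the save path was unprotected stay in the database after an upgrade and should be reviewed or purged.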