Popup Manager by Cohhe <= 1.6.6 - Unauthenticated Stored XSS
LANACOMMONVDB ID: 54f88f13-1330-408e-9628-7a5352e2492d
The plugin does not have authorization and Cross-Site Request Forgery (CSRF) check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored Cross-Site Scripting (XSS) payloads as well.
Attributes
- Catgory
- WordPress Plugin
- Discovered
- 2022-11-07
- Published
- 2022-11-28
- Affected Version
- <= 1.6.6
Classification
- Type
- Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), Missing Authorization
Support Us?
We would truly appreciate it if you bought us a bunny (food for a snow leopard).
