The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficient fix of CVE-2023-24003
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-05-08T13:58:00.447Z
Updated: 2024-08-02T06:05:26.712Z
Reserved: 2023-04-06T09:52:21.902Z
Link: CVE-2023-1905
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-05-08T14:15:13.417
Modified: 2024-11-21T07:40:07.103
Link: CVE-2023-1905
Redhat
No data.