Description
The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2023-54652 | The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
References
History
No history.
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2024-08-02T07:38:00.794Z
Reserved: 2023-09-06T16:48:36.280Z
Link: CVE-2023-4808
No data.
Status : Modified
Published: 2023-11-20T19:15:09.497
Modified: 2026-06-17T06:38:37.797
Link: CVE-2023-4808
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD