5.4
CVE-2022-4362
- EPSS 0.56%
- Veröffentlicht 02.01.2023 22:15:17
- Zuletzt bearbeitet 10.04.2025 15:16:01
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginPopup Maker < 1.16.9 - Contributor+ Stored XSS via Shortcode
Popup Maker <= 1.16.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Mögliche Gegenmaßnahme
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder: Update to version 1.16.9, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Code-atlantic ≫ Popup Maker SwPlatformwordpress Version < 1.16.9
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder
Version
*-1.16.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.56% | 0.422 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
https://wpscan.com/vulnerability/2660225a-e4c8-40f2-8c98-775ef2301212
https://www.wordfence.com/threat-intel/vulnerabilities/id/697e8954-5adb-472a-a961-4e14f22d3b66