6.1
CVE-2023-6000
- EPSS 2%
- Veröffentlicht 01.01.2024 15:15:43
- Zuletzt bearbeitet 18.06.2025 15:15:24
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginPopup Builder < 4.2.3 - Unauthenticated Stored XSS
Popup Builder <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.
Mögliche Gegenmaßnahme
Popup Builder – Create highly converting, mobile friendly marketing popups.: Update to version 4.2.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sygnoos ≫ Popup Builder SwPlatformwordpress Version < 4.2.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Popup Builder – Create highly converting, mobile friendly marketing popups.
Version
[*, 4.2.3)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2% | 0.782 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://wpscan.com/blog/stored-xss-fixed-in-popup-builder-4-2-3/
https://wpscan.com/vulnerability/cdb3a8bd-4ee0-4ce0-9029-0490273bcfc8
https://www.wordfence.com/threat-intel/vulnerabilities/id/e4a853e0-0ebc-4ed5-b6ff-ce3973fb3ee1