First published: Mon Jul 11 2022(Updated: )
The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltred_html is disallowed
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Sygnoos Popup Builder | <4.1.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-1894 is a vulnerability in the Popup Builder WordPress plugin before version 4.1.11 that allows high privilege users to perform Stored Cross-Site Scripting attacks.
CVE-2022-1894 has a severity value of 4.8, which is considered medium.
The Popup Builder WordPress plugin before version 4.1.11 is affected by CVE-2022-1894.
To fix CVE-2022-1894, update your Popup Builder WordPress plugin to version 4.1.11 or later.
You can find more information about CVE-2022-1894 at the following reference: [https://wpscan.com/vulnerability/68af14ef-ca66-40d6-a1e5-09f74e2cd971](https://wpscan.com/vulnerability/68af14ef-ca66-40d6-a1e5-09f74e2cd971)