First published: Mon Nov 20 2023(Updated: )
The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Allurewebsolutions Wp Post Popup | <=3.7.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2023-4808.
The title of this vulnerability is "WP Post Popup <= 3.7.3 - Admin+ Stored XSS".
The severity of CVE-2023-4808 is medium, with a severity value of 4.8.
The WP Post Popup plugin vulnerability allows high privilege users, such as admins, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed.
To fix CVE-2023-4808, it is recommended to update the WP Post Popup WordPress plugin to version 3.7.4 or newer, which includes a fix for this vulnerability.