CVE-2023-5809: Popup box < 3.8.6 - Admin+ Stored XSS in Categories
First published: Mon Dec 04 2023(Updated: )
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ays-pro Popup Box | <3.8.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the Popup Box plugin?
The vulnerability ID for the Popup Box plugin is CVE-2023-5809.
What is the severity of CVE-2023-5809?
The severity of CVE-2023-5809 is medium with a severity value of 4.8.
What is the affected software for CVE-2023-5809?
The affected software for CVE-2023-5809 is the Popup Box WordPress plugin version up to 3.8.6.
What is the description of CVE-2023-5809?
CVE-2023-5809 is a stored cross-site scripting (XSS) vulnerability in the Popup Box plugin before version 3.8.6 in WordPress.
How can an admin mitigate the risk of CVE-2023-5809?
To mitigate the risk of CVE-2023-5809, admins should update the Popup Box plugin to version 3.8.6 or later.
- collector/nvd-api
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/author
- agent/references
- agent/title
- agent/severity
- agent/weakness
- agent/tags
- collector/epss-latest
- source/FIRST
- agent/description
- agent/epss
- collector/mitre-cve
- source/MITRE
- vendor/ays-pro
- canonical/ays-pro popup box