First published: Mon Jan 01 2024(Updated: )
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Sygnoos Popup Builder | <4.2.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.