First published: Fri Jan 24 2025(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup Maker Popup Maker allows Stored XSS. This issue affects Popup Maker: from n/a through 1.20.2.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Popup Maker | <=1.20.2 | |
Popup Maker | <=1.20.2 | |
Popup Maker | <=1.20.2 |
Update the WordPress Popup Maker wordpress plugin to the latest available version (at least 1.20.3).
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-24746 is classified as a Stored Cross-site Scripting (XSS) vulnerability.
To fix CVE-2025-24746, update the Popup Maker plugin to a version greater than 1.20.2.
CVE-2025-24746 affects Popup Maker versions up to and including 1.20.2.
The risks of CVE-2025-24746 include potential data theft and unauthorized actions through malicious scripts.
Yes, CVE-2025-24746 can be exploited by attackers to execute scripts if they can input data into the affected system.