CVE-2022-3690

Severity
4.8 MEDIUM
EPSS
0.4%
top 37.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 21

Description

The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5: unknown/popup_maker < 1.16.11

🔴Vulnerability Details

2
GHSA
GHSA-grjj-rwj8-4mx3: The Popup Maker WordPress plugin before 1 (2022-11-21)
CVEList
Popup Maker < 1.16.11 - Contributor+ Stored Cross Site Scripting (2022-11-21)

📋Vendor Advisories

1
Oracle
Oracle Oracle Communications Risk Matrix: NSSF (Undertow) — CVE-2021-3690 (2022-04-15)