CVE-2022-4362
Published 2023-01-02
Priority P4 · 24 · medium · 5.4 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS 0.56% (42.4th percentile)
The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| code-atlantic | popup_maker | < 1.16.9 | 1.16.9 |
| chrome_chrome | — | — | — |
GHSA
GHSA-jwf2-6pcx-2939: The Popup Maker WordPress plugin before 1
ghsa_unreviewed·2023-01-03
CVE-2022-4362 [MEDIUM] CWE-79 GHSA-jwf2-6pcx-2939: The Popup Maker WordPress plugin before 1
The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2023-4361
vendor_chrome·2023-08-25·CVSS 5.3
CVE-2023-4361 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2023-4361
Stable Channel Update for ChromeOS / ChromeOS Flex
CVE-2023-4361: Inappropriate implementation in Autofill. Reported by Thomas Orlita on 2023-07-17
[$1000][1316379] Medium CVE-2023-4362: Heap buffer overflow in Mojom IDL. Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab on 2022-04-14
[$1000][1367085] Medium CVE-2023-4363: Inappropriate implementation in WebShare
Severity: medium
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-01-02