CVE-2023-0733Cross-site Scripting in Popup Project Newsletter Popup

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.6%
top 29.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Newsletter Popup Project Newsletter Popup
Timeline
PublishedMay 30

Description

The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-xc2c-p2fc-pq4v: The Newsletter Popup WordPress plugin through 12023-05-30
CVEList
Newsletter Popup <= 1.2 - Unauthenticated Stored XSS2023-05-30
CVE-2023-0733 — Cross-site Scripting | cvebase