CVE-2024-3236

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 55.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Popup Builder Ghozylab Popup Builder

Timeline

PublishedJun 17

Description

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5unknown/popup_builder< 1.1.33

▶NVDghozylab/popup_builder< 1.1.33

🔴Vulnerability Details

GHSA

GHSA-qp28-67v3-65qc: The Popup Builder WordPress plugin before 1↗2024-06-17

▶

CVEList

Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS↗2024-06-17

▶