Ivanweb Popup4Phone vulnerabilities
2 known vulnerabilities affecting ivanweb/popup4phone.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-3231P3MEDIUMCVSS 6.1PoC≤ 1.3.22024-05-17
CVE-2024-3231 [MEDIUM] CWE-79 CVE-2024-3231: The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which c
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.
nvd
CVE-2024-3580P4MEDIUMCVSS 6.1≤ 1.3.22024-05-17
CVE-2024-3580 [MEDIUM] CWE-79 CVE-2024-3580: The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, wh
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
nvd