CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32965 – WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32965
18 May 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab Jazz Popups plugin <= 1.8.7 versions. The Jazz Popups plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpjazzpopup_switchonoff’ parameter in versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such... • https://patchstack.com/database/vulnerability/jazz-popups/wordpress-jazz-popups-plugin-1-8-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32966 – WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Request Forgery (CSRF) leading to Stored XSS
https://notcve.org/view.php?id=CVE-2023-32966
18 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups leads to Stored XSS.This issue affects Jazz Popups: from n/a through 1.8.7. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en CRUDLab Jazz Popups conduce XSS Almacenado. Este problema afecta a Jazz Popups: desde n/a hasta 1.8.7. The Jazz Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation. • https://patchstack.com/database/vulnerability/jazz-popups/wordpress-jazz-popups-plugin-1-8-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •