1 results (0.002 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1

The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks. The CM Pop-Up Banners for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via campaign data in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/3ee3023a-541c-40e6-8d62-24b4b110633c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •