CVE-2024-5004

July 22, 2024, 1 p.m.

Product(s) Impacted

CM Popup Plugin for WordPress

  • before 1.6.6

Description

The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks

Weaknesses

Date

Published: July 22, 2024, 6:15 a.m.

Last Modified: July 22, 2024, 1 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

contact@wpscan.com

References