CVE-2024-3641
6.1MEDIUMThe Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins
Publicado: 5/16/2024Actualizado: 5/19/2025
Descripción
The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins
Análisis IAImpulsado por IA
Productos Afectados
mndpsingh287newsletter_popup
Referencias
- https://wpscan.com/vulnerability/f4047f1e-d5ea-425f-8def-76dd5e6a497e/ExploitThird Party Advisory
- https://wpscan.com/vulnerability/f4047f1e-d5ea-425f-8def-76dd5e6a497e/ExploitThird Party Advisory