Security Advisory

CVE-2022-4362

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-01-02 21:49:24
Last updated 2025-04-10 15:03:53
Assigner WPScan
State PUBLISHED

Description

The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks