CVE-2023-3226

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Sep 25, 2023

Updated: Dec 15, 2023

CWE ID 416

Summary

CVE-2023-3226 is a vulnerability affecting the Popup Builder plugin for WordPress before version 4.2.0. This issue allows high privilege users, such as admins, to execute Stored Cross-Site Scripting (XSS) attacks, bypassing the standard security measure that disallows the use of unfiltered_html capability. The plugin fails to sanitize and escape certain settings, making it possible for attackers to inject malicious scripts that can compromise affected websites.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rHKgly
https://www.cve.org/CVERecord?id=CVE-2023-3226
https://nvd.nist.gov/vuln/detail/CVE-2023-3226

Back to Vulnerability Database

CVE-2023-3226

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations