CVE-2023-6000
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2023-6000 is a vulnerability affecting the Popup Builder WordPress plugin before version 4.2.3. This issue permits simple visitors to bypass security measures and update existing popups with malicious JavaScript code. Consequently, Stored Cross-Site Scripting (XSS) attacks can be executed, potentially compromising the affected website and posing a risk to its users. The plugin's failure to adequately validate and sanitize user input permits the injection of unauthorized scripts, leading to serious security concerns. Upgrading to the latest version of Popup Builder is recommended to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.