cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-2336,https://securityvulnerability.io/vulnerability/CVE-2024-2336,Stored Cross-Site Scripting in Popup Maker Plugin for WordPress,"The Popup Maker for WordPress is susceptible to stored cross-site scripting due to inadequate input sanitization and output escaping on user-supplied attributes within its shortcode functionality. This vulnerability allows authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts into pages. Any user accessing these compromised pages may unknowingly execute the injected scripts, leading to potential data theft, session hijacking, or other malicious activities. Users of Popup Maker versions up to and including 1.18.2 are urged to upgrade to secure their applications.",Wordpress,"Popup Maker – Popup For Opt-ins, Lead Gen, & More",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:58:45.238Z,0
CVE-2022-1104,https://securityvulnerability.io/vulnerability/CVE-2022-1104,Popup Maker < 1.16.5 - Admin+ Stored Cross-Site Scripting,"The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed",Wordpress,"Popup Maker – Popup For Opt-ins, Lead Gen, & More",4.8,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2022-05-09T16:50:46.000Z,0