Popup Builder <= 4.1.15 – Authenticated (Admin+) Stored Cross-Site Scripting

  • Hello,

    i reinstalled the solution with new update, my security scan still telling me.

    The Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    Software Type Plugin Software Slug popup-builderPatched? No

    Remediation No known patch available.

    I saw in previous post that you said that this vulnerability is patched ,but this version i downloaded with renewal it is not.

    I am very satisfied with your plugin and that is why i renew it every year ,but a security issue is not good point for my point of view.

    Do you have a solution for this security issue? Thanks

Viewing 1 replies (of 1 total)

  • do we have any updates on this? We see the same thing and this is a very important matter and should be addressed as soon as possible.

Viewing 1 replies (of 1 total)
  • The topic ‘Popup Builder <= 4.1.15 – Authenticated (Admin+) Stored Cross-Site Scripting’ is closed to new replies.