← back
CVE-2021-24275

Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)

EPSS 18.2%CWE-79
The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
Affected products
Supsystic · Popup by Supsystic
public PoCs found2
cve_referencepacketstormsecurity.com/files/164311/WordPress-Popup-1.10.4-Cross-Site-Scripting.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50346unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/164311/WordPress-Popup-1.10.4-Cross-Site-Scripting.htmlhttps://wpscan.com/vulnerability/efdc76e0-c14a-4baf-af70-9d381107308f