Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2023-4961

The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.1%
CVSS Severity
CVSS v3 Score 6.4
Products affected by CVE-2023-4961
  • Poptin » Popups » Version: 0.9.1
    cpe:2.3:a:poptin:popups:0.9.1
  • Poptin » Popups » Version: 0.9.2
    cpe:2.3:a:poptin:popups:0.9.2
  • Poptin » Popups » Version: 0.9.3
    cpe:2.3:a:poptin:popups:0.9.3
  • Poptin » Popups » Version: 0.9.4
    cpe:2.3:a:poptin:popups:0.9.4
  • Poptin » Popups » Version: 1.1.2
    cpe:2.3:a:poptin:popups:1.1.2
  • Poptin » Popups » Version: 1.1.3
    cpe:2.3:a:poptin:popups:1.1.3
  • Poptin » Popups » Version: 1.1.4
    cpe:2.3:a:poptin:popups:1.1.4
  • Poptin » Popups » Version: 1.1.5
    cpe:2.3:a:poptin:popups:1.1.5
  • Poptin » Popups » Version: 1.1.6
    cpe:2.3:a:poptin:popups:1.1.6
  • Poptin » Popups » Version: 1.1.7
    cpe:2.3:a:poptin:popups:1.1.7
  • Poptin » Popups » Version: 1.1.8
    cpe:2.3:a:poptin:popups:1.1.8
  • Poptin » Popups » Version: 1.1.9
    cpe:2.3:a:poptin:popups:1.1.9
  • Poptin » Popups » Version: 1.2.1
    cpe:2.3:a:poptin:popups:1.2.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved