The Popup Manager WordPress plugin, up to and including 1.6.6, does not perform authorisation or CSRF checks when creating or updating popups, and is missing sanitisation as well as escaping. This could allow unauthenticated malicious users to create arbitrary popups and add Stored XSS payloads.
Vulnerable Product |
---|
popup manager project popup manager |