Cross-site Scripting Vulnerability in Simple Popup Images Plugin for WordPress
CVE-2014-3921

Currently unrated

Key Information:

Vendor: Wordpress
Status: Simple Popup
Vendor: CVE Published:; 30 May 2014

Summary

The Simple Popup Images plugin for WordPress suffers from a cross-site scripting vulnerability that allows attackers to inject arbitrary web scripts or HTML. This exploitation occurs via the 'z' parameter in popup.php, potentially leading to unauthorized actions or data exposure on affected sites.

References

http://packetstormsecurity.com/files/126763/WordPress-Sim...

x_refsource_MISC

http://www.securityfocus.com/bid/67562

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
May 30, 2014