Reflected Cross-Site Scripting in Email Subscription Popup Plugin for WordPress
CVE-2023-6527
6.1 MEDIUM
What is CVE-2023-6527?
The Email Subscription Popup plugin for WordPress is vulnerable to reflected cross-site scripting because it does not adequately sanitize user input. Specifically, an attacker can use the HTTP_REFERER header to inject malicious script into web pages. Exploitation depends on an unsuspecting user being tricked into clicking a malicious link, after which the script executes in that user's browser. The risk is significant because the vulnerability affects all versions of the plugin up to and including 1.2.18.
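
The unsafe pattern described above next to a hardened form, as an added PHP illustration that is not the plugin's source. The function names and the hidden-input sink are assumptions, and the sample header value is constructed.

```php
<?php
// Added illustration; not the plugin's code. Function names are hypothetical.

// Unsafe pattern: the Referer request header is copied into an HTML
// attribute verbatim, so a quote or angle bracket in it ends the attribute
// and the rest is parsed as markup.
function render_referer_field_unsafe(array $server): string
{
    $ref = $server['HTTP_REFERER'] ?? '';
    return '<input type="hidden" name="ref" value="' . $ref . '">';
}

// Hardened pattern: accept only http(s) URLs, then encode for the
// attribute context at output time.
function render_referer_field_safe(array $server): string
{
    $ref = $server['HTTP_REFERER'] ?? '';

    // parse_url() returns null or false when no usable scheme is present.
    $scheme = parse_url($ref, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        $ref = '';
    }

    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces
    // invalid UTF-8 instead of returning an empty string.
    $ref = htmlspecialchars($ref, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="ref" value="' . $ref . '">';
}

// Constructed sample value: harmless markup that closes value="..." early.
$sample = ['HTTP_REFERER' => 'https://example.test/page?x="><i>injected</i>'];

echo render_referer_field_unsafe($sample), "\n"; // <i> element appears as markup
echo render_referer_field_safe($sample), "\n";   // same bytes stay inside the attribute
```

In WordPress code the same output encoding is done with esc_attr() or esc_url().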
Affected Version(s)
Email Subscription Popup * <= 1.2.18