Stored Cross-site Scripting Flaw in 5 Star Plugins Pretty Simple Popup Builder
CVE-2024-56298

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Pretty Simple Popup Builder
Vendor: CVE Published:; 7 January 2025

Summary

A vulnerability exists in the Pretty Simple Popup Builder plugin developed by 5 Star Plugins, which can lead to Stored Cross-site Scripting (XSS) attacks. This flaw allows attackers to inject malicious scripts into web pages that can be executed when users interact with the popup. It affects versions from n/a up to 1.0.9, posing significant risks for websites utilizing this plugin, as it can compromise user data and session hijacking. Website owners are strongly advised to update their plugins to mitigate this vulnerability.

Affected Version(s)

Pretty Simple Popup Builder <= 1.0.9

References

https://patchstack.com/database/wordpress/plugin/pretty-s...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 7, 2025
Vulnerability Reserved
Dec 18, 2024

Credit

satrya wira yudha (Patchstack Alliance)