The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks
Name | Vendor | Start Version | End Version |
---|---|---|---|
Newsletter_popup | Newsletter_popup_project | * | 1.2 (including) |