CVE-2022-1104

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-1104

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1104.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-1104

Published

2022-05-09T17:15:08.797Z

Modified

2026-04-10T04:42:37.053486Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

References

https://wpscan.com/vulnerability/4d4709f3-ad38-4519-a24a-73bc04b20e52

Affected packages

Git / github.com/popupmaker/popup-maker

Affected ranges

Type

GIT

Repo

https://github.com/popupmaker/popup-maker

Events

Introduced

Fixed

7beeab7d73e168dc1d77b3111125a4a5e1f36d4a

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.16.5"
        }
    ]
}

Affected versions

1.*

1.11.1

1.11.2

1.12.0

1.13.0

1.13.1

1.14.0

v1.*

v1.1.8

v1.10.0

v1.10.1

v1.10.2

v1.11.0

v1.16.3

v1.16.4

v1.2.1

v1.3

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.3.7

v1.4.11

v1.4.13

v1.4.14

v1.4.15

v1.4.16

v1.4.17

v1.4.18

v1.4.19

v1.4.2

v1.4.20

v1.4.21

v1.4.5

v1.4.6

v1.4.7

v1.4.8

v1.4.9

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.5.5

v1.5.6

v1.5.7

v1.5.8

v1.6.4

v1.6.5

v1.6.6

v1.7.12

v1.7.14

v1.7.15

v1.7.17

v1.7.19

v1.7.21

v1.7.22

v1.7.26

v1.7.27

v1.7.28

v1.7.29

v1.7.30

v1.7.7

v1.7.9

v1.8.0

v1.8.0-beta.1

v1.8.1

v1.8.11

v1.8.13

v1.8.14

v1.8.3

v1.8.5

v1.8.7

v1.8.8

v1.8.9

v1.9.0

v1.9.1

v1.9.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1104.json"