XSS in Popup Maker – For Opt-ins, Lead Gen, & More
CVE-2022-1104
The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.539 (98.9th percentile)
Affected products
- Unknown Popup Maker – For Opt-ins, Lead Gen, & More — versions before 1.16.5
Weakness classification (CWE)
Public proof-of-concept exploits
References
- wpscan.com/vulnerability/4d4709f3-ad38-4519-a24a-73bc04b20e52 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-1104?
  CVE-2022-1104 is a vulnerability in Popup Maker – For Opt-ins, Lead Gen, & More, classified under Cross-site Scripting. Published 2022-05-09.
- Is CVE-2022-1104 known to be exploited?
  2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.