What is CVE-2023-6000?

CVE-2023-6000 is a vulnerability in Popup Builder, classified under CWE-79 CROSS-SITE SCRIPTING (XSS). Published 2024-01-01.

Is CVE-2023-6000 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Popup Builder

CVE-2023-6000

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.

EPSS: 0.691 (98.7th percentile) — read the EPSS interpretation.

Affected products

Unknown Popup Builder — versions 0

Public proof-of-concept exploits

RonF98/CVE-2023-6000-POC
ARPSyndicate/cve-scores
fkie-cad/nvd-json-data-feeds
nomi-sec/PoC-in-GitHub
20142995/nuclei-templates
rxerium/CVE-2023-6000
rxerium/stars
plzheheplztrying/cve_

References

wpscan.com/vulnerability/cdb3a8bd-4ee0-4ce0-9029-0490273bcfc8 (exploit, vdb-entry, technical-description)
wpscan.com/blog/stored-xss-fixed-in-popup-builder-4-2-3/ (technical-description)

Frequently asked questions

What is CVE-2023-6000?: CVE-2023-6000 is a vulnerability in Popup Builder, classified under CWE-79 CROSS-SITE SCRIPTING (XSS). Published 2024-01-01.
Is CVE-2023-6000 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.