Ivanweb Popup4phone
2 CVEs affecting Ivanweb Popup4phone. Latest disclosed: 2024-05-17. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-3580 | Medium | 6.1 | 2024-05-17 | The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perf… |
CVE-2024-3231 | Medium | 6.1 | 2024-05-17 | The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scri… |