WordPress Plugin Vulnerabilities

Jazz Popups <= 1.8.7 - Unauthenticated Reflected Cross-Site Scripting

Description

The plugin does not properly sanitize user input, leading to a potential Reflected Cross-Site Scripting (XSS) vulnerability.

Affects Plugins

Plugin icon
jazz-popups
No known fix

References

CVE
CVE-2023-32965
URL
https://patchstack.com/database/vulnerability/jazz-popups/wordpress-jazz-popups-plugin-1-8-7-cross-site-scripting-xss-vulnerability

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
aec98024-d88f-490e-b3fb-23a61eade62f

Timeline

Publicly Published
2023-05-18 (about 2 years ago)
Added
2023-07-18 (about 2 years ago)
Last Updated
2023-07-18 (about 2 years ago)

Other

Published
Title
Published
2023-09-25
Title
User Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS
Published
2025-11-10
Title
WP Count Down Timer <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2026-05-01
Title
Gravity Forms < 2.10.1 - Unauthenticated Stored Cross-Site Scripting via Hidden Product Field in Repeater
Published
2024-04-15
Title
Tainacan Interface < 2.7.2 - Reflected Cross-Site Scripting
Published
2024-02-27
Title
Profile Box Shortcode And Widget < 1.2.1 - Admin+ Stored XSS