Pop-Up Chop Chop <= 2.1.7 – Contributor+ Stored Cross-Site Scripting | CVE 2022-41638

Affects Plugins

pop-up

No known fix

References

CVE

CVE-2022-41638

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Ngo Van Thien

Verified

No

WPVDB ID

b8611ebd-cfc9-4c19-80d7-d161cefdcb60

Timeline

Publicly Published

2022-09-26 (about 3 years ago)

Added

2022-10-22 (about 3 years ago)

Last Updated

2022-10-22 (about 3 years ago)

Other

Published

Title

Published

2024-10-15

Title

Cooked Pro < 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2014-08-01

Title

Upscale - Unspecified XSS

Published

2024-04-15

Title

WP Cost Estimation & Payment Forms Builder < 10.1.76 - Reflected Cross-Site Scripting

Published

2024-12-11

Title

VForm < 3.0.1 - Reflected Cross-Site Scripting

Published

2026-06-09

Title

Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates <= 2.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters