Popup box < 3.4.5 – Reflected XSS | CVE 2023-27414

Affects Plugins

ays-popup-box

Fixed in 3.4.5

References

CVE

CVE-2023-27414

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

7.1 (high)

Miscellaneous

Original Researcher

Nguyen Xuan Chien

Verified

Yes

WPVDB ID

c8e58dcb-d48a-44e7-a037-a14d59948289

Timeline

Publicly Published

2023-03-08 (about 3 years ago)

Added

2023-06-21 (about 2 years ago)

Last Updated

2023-06-21 (about 2 years ago)

Other

Published

Title

Published

2026-01-13

Title

Kunze Law <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2015-08-20

Title

Huge IT Image Gallery < 1.5.6 - Authenticated Cross-Site Scripting (XSS)

Published

2021-01-15

Title

Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2025-02-02

Title

Migrate Posts <= 1.0 - Reflected Cross-Site Scripting

Published

2025-07-23

Title

FunnelCockpit < 1.4.4 - Reflected Cross-Site Scripting via `error` Parameter