Unrated severityNVD Advisory· Published Jan 1, 2024· Updated Jun 18, 2025

Popup Builder < 4.2.3 - Unauthenticated Stored XSS

CVE-2023-6000

Description

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.

Affected products

Unknown/Popup Builderv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/cdb3a8bd-4ee0-4ce0-9029-0490273bcfc8mitreexploitvdb-entrytechnical-description
wpscan.com/blog/stored-xss-fixed-in-popup-builder-4-2-3/mitretechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.055
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000