Medium severity6.5NVD Advisory· Published May 17, 2024· Updated Apr 28, 2026

CVE-2024-34567

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through 1.1.29.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored XSS in Popup Builder plugin ≤1.1.29 allows authenticated attackers to inject arbitrary scripts executed on visitors.

The Popup Builder plugin for WordPress versions through 1.1.29 contains a stored cross-site scripting (XSS) vulnerability due to improper neutralization of user-supplied input during web page generation. This flaw resides in the way the plugin handles custom popup content, which lacks sufficient sanitization or output encoding, enabling malicious script injection that persists on the server [1].

References

Cross Site Scripting (XSS) in WordPress Popup Builder Plugin

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WordPress/Easy Notify Liteinferred
Range: <=1.1.29
Package: https://wordpress.org/plugins/easy-notify-lite

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

patchstack.com/database/vulnerability/easy-notify-lite/wordpress-easy-notify-lite-plugin-1-1-29-cross-site-scripting-xss-vulnerabilitynvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000