Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3690

Nov. 21, 2022, 11:15 a.m. |

National Vulnerability Database nist.gov

The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

cve

Senior Cloud Security Engineer

@ HelloFresh | Berlin, Germany

Senior Security Engineer

@ Reverb | Remote, US

Sr. Product Manager - Cloud Security/CNAPP

@ Zscaler | Atlanta, GA, United States

ISSO - Security Delivery

@ Novetta | Columbia, MD

Junior Cyber Security Recruitment Consultant (possibility for work abroad)

@ Gradfuel | London, England, United Kingdom

Internship, Cybersecurity

@ Qontigo | Eschborn, Hessen, Germany

Security Administrator

@ Zero Hash | Melbourne, VIC - Remote

Cybersecurity Project Manager, Reactive Lead - Unit 42 Consulting (Remote)

@ Palo Alto Networks | Santa Clara, CA, United States

Consultant, GRC, Proactive Services (Unit 42) - Remote

@ Palo Alto Networks | New York City, United States

Senior Manager, Security Operations (Secure Access Engineering)

@ GitHub | Remote - United States

Junior Penetration Tester - Amsterdam

@ BreachLock | Amsterdam, North Holland, Netherlands

Senior Product Security Engineer

@ 8x8, Inc. | Remote, Romania