Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Pop ups, WordPress Exit Intent Popup, Email Pop Up, Lightbox Pop Up, Spin the Wheel, Contact Form Builder – Poptin 1.3

  • Severity: medium-risk
  • Status: Fixed
  • Publication: September 18, 2023

The Poptin plugin for WordPress, up to version 1.3, has a security vulnerability which could allow attackers with contributor-level or higher permissions to inject malicious scripts into pages. This means that when a user visits an affected page, the malicious script can be executed automatically. This vulnerability is caused by the plugin not properly sanitizing user-supplied data or escaping output.

Detected in:

Pop ups, Exit Intent Popup, Email Pop Up Builder, Lightbox, Spin the Wheel Popups – Poptin fixed vulnerable versions:
Pop ups, WordPress Exit Intent Popup, Email Pop Up Builder, Lightbox, Spin the Wheel Popups – Poptin fixed vulnerable versions:
Pop ups, WordPress Exit Intent Popup, Email Pop Up, Lightbox Pop Up, Spin the Wheel, Contact Form Builder – Poptin fixed vulnerable versions: >= * <= 1.3
Poptin – Exit Pop Ups & Email Forms fixed vulnerable versions:
Poptin – Exit Pop Ups & Email Popups fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.