Vulnerability CVE-2023-5561

Vulnerability CVE-2023-5561

Published: 2023-10-16

Description:

The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Type:

CWE-200

(Information Exposure)

References:

https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/

https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441

Copyright 2026, cxsecurity.com