CVE-2022-3690
Popup Maker < 1.16.11 - Contributor+ Stored Cross Site ScriptingThe Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins
We have discovered 36,451 live websites that are affected by CVE-2022-3690.
Affected Software
| Product |  Popup Maker |
| Category | Wordpress Plugins |
| Vulnerable Domains | 36,451 live websites (19.72% of Popup Maker install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 107 versions ( 84.92% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Nov 21, 2022
- Updated - Aug 3, 2024
Credits
- c3p0d4y (finder)
CWE
CVE References
CWE References
CVE-2022-3690 usage by Country
 United States | 11,070 websites |
 Russia | 5,849 websites |
 Germany | 2,684 websites |
 France | 1,811 websites |
 Poland | 1,036 websites |
 Italy | 940 websites |
 GB | 889 websites |
 Ukraine | 821 websites |
 Spain | 783 websites |
 Australia | 713 websites |
CVE-2022-3690 usage by TLD
| .com | 13,544 websites |
| .ru | 4,789 websites |
| .org | 1,306 websites |
| .de | 1,103 websites |
| .com.au | 871 websites |
| .pl | 810 websites |
| .it | 799 websites |
| .net | 632 websites |
| .co.uk | 614 websites |
| .fr | 604 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2022-3690
Top websites that are affected by CVE-2022-3690. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com | United States | **,*** | |
| **********.**.il |  Israel | **,*** | |
| **************.ca |  Canada | **,*** | |
| ********.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| *******.de | Germany | **,*** | |
| *****.io |  Korea, South | **,*** | |
| *******.com |  Hong Kong | **,*** | |
| ****.*************.**.uk | United States | **,*** | |
| *******.com | United States | **,*** |
FAQ
CVE-2022-3690 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Popup Maker
A total of 36,451 websites have been identified as vulnerable to CVE-2022-3690, discovered through global website indexing conducted by WebTechSurvey.
Popup Maker is susceptible to CVE-2022-3690 vulnerability.
Popup Maker versions before 1.16.11 are vulnerable to CVE-2022-3690.
Version 1.16.11 of Popup Maker addresses the CVE-2022-3690 security vulnerability.