CVE-2023-6000
Popup Builder < 4.2.3 - Unauthenticated Stored XSS
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.
We have discovered 690 live websites that are affected by CVE-2023-6000.
Affected Software
| Product |  Popup Builder |
| Category | Wordpress Plugins |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 95 |
| Vulnerable Domains | 690 live websites (16.22% of Popup Builder install base) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-6000 and the relative popularity of websitesDetails
- Published - Jan 1, 2024
- Updated - Jan 1, 2024
Credits
- Marc Montpas (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
Countries
 United States | 202 websites |
 Germany | 51 websites |
 France | 49 websites |
 Italy | 34 websites |
 Poland | 28 websites |
 India | 27 websites |
 Russia | 26 websites |
 GB | 26 websites |
 Spain | 21 websites |
 Canada | 16 websites |
TLDs
| .com | 311 websites |
| .org | 53 websites |
| .de | 28 websites |
| .it | 26 websites |
| .ru | 23 websites |
| .pl | 20 websites |
| .fr | 15 websites |
| .co.uk | 14 websites |
| .net | 13 websites |
| .com.br | 12 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-6000 through included software libraries and plugins.References
- https://wpscan.com/vulnerability/cdb3a8bd-4ee0-4ce0-9029-0490273bcfc8
- https://wpscan.com/blog/stored-xss-fixed-in-popup-builder-4-2-3/
Websites affected by CVE-2023-6000
Top websites that are affected by CVE-2023-6000. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*****.com | GB | **,*** | |
| ***.*************.com | France | ***,*** | |
| ***.*********.com | India | ***,*** | |
| *****.***.tr |  Turkey | ***,*** | |
| ***.****.org | United States | ***,*** | |
| ***.********.com | Germany | ***,*** | |
| ***.********.org | United States | ***,*** | |
| ***.********.com | United States | ***,*** | |
| ***.*****.com | United States | ***,*** | |
| ********.africa |  South Africa | ***,*** |