The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Metrics
Affected Vendors & Products
References
History
Wed, 11 Jun 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Freebiesdownload
Freebiesdownload pvn Auth Popup |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:freebiesdownload:pvn_auth_popup:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Freebiesdownload
Freebiesdownload pvn Auth Popup |
Tue, 20 May 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Thu, 15 May 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |
Title | PVN Auth Popup <= 1.0.0 - Admin+ Stored XSS | |
References |
|

Status: PUBLISHED
Assigner: WPScan
Published: 2025-05-15T20:07:09.539Z
Updated: 2025-05-20T19:23:31.210Z
Reserved: 2024-07-12T14:00:01.137Z
Link: CVE-2024-6713

Updated: 2025-05-19T20:26:11.623Z

Status : Analyzed
Published: 2025-05-15T20:15:56.110
Modified: 2025-06-11T16:56:08.530
Link: CVE-2024-6713

No data.