{"id":"CVE-2024-3644","details":"The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","modified":"2026-03-14T12:34:11.887867Z","published":"2024-05-16T06:15:10.370Z","references":[{"type":"EVIDENCE","url":"https://wpscan.com/vulnerability/10eb712a-d9c3-46c9-be6a-02811396fae8/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3644.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}