Report
The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks
Score:6.9
Severity:Medium
Version: 2.0.3
There is a patch available in v2.0.4 and we strongly recommend you update to this version as soon as possible.
