CVE-2024-3231

The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt