Hello Bar Popup Builder
Monthly
DOM-Based XSS in Hello Bar Popup Builder WordPress plugin versions up to 1.5.1 allows authenticated attackers with low privileges to inject arbitrary scripts that execute in users' browsers with the affected site's context. The vulnerability requires user interaction (UI:R) and affects confidentiality, integrity, and availability with limited scope. EPSS score of 0.03% (8th percentile) and CISA SSVC assessment of non-automatable exploitation with partial technical impact indicate this is a low real-world priority despite moderate CVSS score, though authenticated access and user interaction requirements limit immediate threat surface.
DOM-Based XSS in Hello Bar Popup Builder WordPress plugin versions up to 1.5.1 allows authenticated attackers with low privileges to inject arbitrary scripts that execute in users' browsers with the affected site's context. The vulnerability requires user interaction (UI:R) and affects confidentiality, integrity, and availability with limited scope. EPSS score of 0.03% (8th percentile) and CISA SSVC assessment of non-automatable exploitation with partial technical impact indicate this is a low real-world priority despite moderate CVSS score, though authenticated access and user interaction requirements limit immediate threat surface.