CVE-2021-24152: 
WordPress vulnerability analysis and mitigation

The Popup Builder WordPress plugin versions before 3.74 contained a reflected Cross-Site Scripting (XSS) vulnerability, identified as CVE-2021-24152. The vulnerability was discovered in the "All Subscribers" setting page of the plugin. This security issue was publicly disclosed on February 2, 2021, and was discovered by Nguyen Anh Tien from SunCSR (Sun* Cyber Security Research) (WPScan).

The vulnerability is classified as a reflected Cross-Site Scripting (XSS) issue with a CVSS v3 Base Score of 6.1 (Medium). The attack vector is network-based, requires user interaction, but does not require privileges for exploitation. The vulnerability is tracked as CWE-79, which is the Common Weakness Enumeration identifier for Cross-Site Scripting (WPScan, AttackerKB).

The vulnerability could allow attackers to execute malicious JavaScript code in the context of the victim's browser session. This could potentially lead to theft of sensitive information, session hijacking, or other client-side attacks. The CVSS scoring indicates low impact on both confidentiality and integrity, with no impact on availability (AttackerKB).

The vulnerability has been fixed in Popup Builder version 3.74. Users are advised to update to this version or later to mitigate the security risk (WPScan).