Lucene search

K

Popup Security Vulnerabilities

cve
cve

CVE-2024-2544

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...

7.4CVSS

7AI Score

0.0004EPSS

2024-06-15 02:15 AM
2
cve
cve

CVE-2023-6696

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check,....

8.1CVSS

8AI Score

0.001EPSS

2024-06-15 02:15 AM
3
cve
cve

CVE-2023-36504

Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 12:15 AM
14
cve
cve

CVE-2024-5665

The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘export_settings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access...

4.3CVSS

6.8AI Score

0.001EPSS

2024-06-06 08:15 AM
21
cve
cve

CVE-2024-5342

The Simple Image Popup Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sips_popup' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

6AI Score

0.0004EPSS

2024-06-06 02:15 AM
1
cve
cve

CVE-2024-5324

The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS

8.2AI Score

0.001EPSS

2024-06-06 02:15 AM
4
cve
cve

CVE-2024-5224

The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cardoza_facebook_like_box' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

6AI Score

0.0004EPSS

2024-06-06 02:15 AM
17
cve
cve

CVE-2024-35655

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brave Brave Popup Builder allows Stored XSS.This issue affects Brave Popup Builder: from n/a through...

5.9CVSS

5.3AI Score

0.0004EPSS

2024-06-04 02:15 PM
21
cve
cve

CVE-2024-34770

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Popup Maker Popup Maker WP allows Stored XSS.This issue affects Popup Maker WP: from n/a through...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-03 12:15 PM
28
cve
cve

CVE-2024-34797

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benoit Mercusot Simple Popup Manager allows Stored XSS.This issue affects Simple Popup Manager: from n/a through...

5.9CVSS

7AI Score

0.0004EPSS

2024-06-03 11:15 AM
14
cve
cve

CVE-2024-2506

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied.....

6.4CVSS

6AI Score

0.0004EPSS

2024-06-01 07:15 AM
29
cve
cve

CVE-2024-4045

The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-25 06:15 AM
28
cve
cve

CVE-2024-3155

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-21 03:15 AM
30
cve
cve

CVE-2023-46197

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through...

8.8CVSS

6.7AI Score

0.0004EPSS

2024-05-17 09:15 AM
65
cve
cve

CVE-2024-34567

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through...

5.9CVSS

6.6AI Score

0.0004EPSS

2024-05-17 06:15 AM
23
cve
cve

CVE-2024-32800

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Felix Moira Popup More Popups allows Stored XSS.This issue affects Popup More Popups: from n/a through...

5.9CVSS

6.6AI Score

0.0004EPSS

2024-05-17 06:15 AM
24
cve
cve

CVE-2024-3644

The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.6AI Score

0.0004EPSS

2024-05-16 06:15 AM
28
cve
cve

CVE-2024-3643

The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF...

6.6AI Score

0.0004EPSS

2024-05-16 06:15 AM
31
cve
cve

CVE-2024-3642

The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF...

6.6AI Score

0.0004EPSS

2024-05-16 06:15 AM
29
cve
cve

CVE-2024-3641

The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against...

6.2AI Score

0.0004EPSS

2024-05-16 06:15 AM
30
cve
cve

CVE-2024-34367

Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS).This issue affects Popup box: from n/a through...

7.1CVSS

6.5AI Score

0.0004EPSS

2024-05-06 07:15 PM
28
cve
cve

CVE-2024-33918

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxim K AJAX Login and Registration modal popup + inline form allows Stored XSS.This issue affects AJAX Login and Registration modal popup + inline form: from n/a through...

5.9CVSS

6.6AI Score

0.0004EPSS

2024-05-03 08:15 AM
27
cve
cve

CVE-2024-3897

The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all....

5.3CVSS

6.5AI Score

0.0005EPSS

2024-05-02 05:15 PM
27
cve
cve

CVE-2024-1945

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arflite_remove_preview_data' function in all versions up to, and including, 1.6.4. This makes it possible for.....

7.1CVSS

6.3AI Score

0.0004EPSS

2024-05-02 05:15 PM
26
cve
cve

CVE-2024-4433

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr Digital Simple Image Popup allows Stored XSS.This issue affects Simple Image Popup: from n/a through...

5.9CVSS

6.6AI Score

0.0004EPSS

2024-05-02 04:15 PM
31
cve
cve

CVE-2024-3477

The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF...

6.7AI Score

0.0004EPSS

2024-05-02 06:15 AM
41
cve
cve

CVE-2024-32601

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Popup Anything.This issue affects Popup Anything: from n/a through...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-04-18 09:15 AM
37
cve
cve

CVE-2024-31421

Missing Authorization vulnerability in Supsystic Popup by Supsystic.This issue affects Popup by Supsystic: from n/a through...

4.3CVSS

6.8AI Score

0.0004EPSS

2024-04-15 11:15 AM
37
cve
cve

CVE-2024-31239

Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO.This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through...

4.3CVSS

9.2AI Score

0.0004EPSS

2024-04-12 01:15 PM
30
cve
cve

CVE-2024-0881

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such...

6.8AI Score

0.001EPSS

2024-04-11 04:15 PM
29
cve
cve

CVE-2024-31387

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS.This issue affects Popup Like box: from n/a through...

5.9CVSS

6.6AI Score

0.0004EPSS

2024-04-11 01:15 PM
22
cve
cve

CVE-2024-2457

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS

7.6AI Score

0.0004EPSS

2024-04-09 07:15 PM
23
cve
cve

CVE-2024-2336

The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

6AI Score

0.0004EPSS

2024-04-09 07:15 PM
34
cve
cve

CVE-2024-2008

The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awl_modal_popup_box_shortcode function. This makes it possible for authenticated...

8.8CVSS

9.3AI Score

0.0004EPSS

2024-04-04 03:15 AM
35
cve
cve

CVE-2024-31100

Cross-Site Request Forgery (CSRF) vulnerability in Festi-Team Popup Cart Lite for WooCommerce.This issue affects Popup Cart Lite for WooCommerce: from n/a through...

5.4CVSS

9.3AI Score

0.0004EPSS

2024-03-31 07:15 PM
28
cve
cve

CVE-2024-30453

Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through...

5.4CVSS

9.4AI Score

0.0004EPSS

2024-03-29 05:15 PM
29
cve
cve

CVE-2024-30184

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Looking Forward Software Incorporated. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through...

6.5CVSS

9.1AI Score

0.0004EPSS

2024-03-27 12:15 PM
25
cve
cve

CVE-2024-29009

Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended operations if the administrator views a malicious page while logged...

7.3AI Score

0.0004EPSS

2024-03-25 05:15 AM
35
cve
cve

CVE-2024-27960

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Email Subscription Popup allows Stored XSS.This issue affects Email Subscription Popup: from n/a through...

7.1CVSS

9.1AI Score

0.0004EPSS

2024-03-17 05:15 PM
33
cve
cve

CVE-2023-7072

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft...

7.5CVSS

8AI Score

0.0004EPSS

2024-03-12 11:15 PM
35
cve
cve

CVE-2024-1698

The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and...

9.8CVSS

9.5AI Score

0.001EPSS

2024-02-27 06:15 AM
80
cve
cve

CVE-2024-1436

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiloke WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit.This issue affects WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit: from n/a through...

5.3CVSS

6.2AI Score

0.0004EPSS

2024-02-26 04:27 PM
79
cve
cve

CVE-2023-6591

The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...

5.8AI Score

0.0004EPSS

2024-02-12 04:15 PM
49
cve
cve

CVE-2023-6294

The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress...

6.6AI Score

0.0004EPSS

2024-02-12 04:15 PM
47
cve
cve

CVE-2024-0844

The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute...

7.2CVSS

8AI Score

0.001EPSS

2024-02-02 12:15 PM
9
cve
cve

CVE-2023-51534

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave – Create Popup, Optins, Lead Generation, Survey,...

5.9CVSS

5.1AI Score

0.0004EPSS

2024-02-01 11:15 AM
27
cve
cve

CVE-2023-51532

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.This issue affects Icegram Engage – WordPress Lead Generation, Popup...

6.5CVSS

5.5AI Score

0.0004EPSS

2024-02-01 11:15 AM
62
cve
cve

CVE-2023-6828

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arf_http_referrer_url’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping....

7.2CVSS

5.9AI Score

0.001EPSS

2024-01-11 09:15 AM
51
cve
cve

CVE-2023-6645

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

6.4CVSS

5.2AI Score

0.0004EPSS

2024-01-11 09:15 AM
43
cve
cve

CVE-2023-4962

The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS

5.2AI Score

0.001EPSS

2024-01-11 09:15 AM
15
Total number of security vulnerabilities151