CVE-2026-48885

Unauthenticated Cross Site Scripting XSS in HollerBox = 2.3.10.1 versions...

CVE-2026-48885 WordPress HollerBox plugin <= 2.3.10.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in HollerBox = 2.3.10.1 versions...

CVE-2026-48885 WordPress HollerBox plugin <= 2.3.10.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in HollerBox = 2.3.10.1 versions...

EUVD-2026-36859

Unauthenticated Cross Site Scripting XSS in HollerBox = 2.3.10.1 versions...

CVE-2026-48885

CVE-2026-48885 concerns a Cross-Site Scripting (XSS) vulnerability in the WordPress HollerBox plugin for versions ≤ 2.3.10.1. The issue is described as unauthenticated XSS. The PatchStack entry assigns a CVSS v3.1 base score of 7.1 (HIGH), with network attack vector, no privileges required, user ...

WordPress HollerBox plugin <= 2.3.10.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by she11f in WordPress Plugin HollerBox versions = 2.3.10.1...

EUVD-2023-46149

Malicious code in bioql PyPI...

CVE-2023-41657

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Groundhogg Inc. HollerBox plugin = 2.3.2 versions...

CVE-2023-41657

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Groundhogg Inc. HollerBox plugin = 2.3.2 versions...

CVE-2023-41657

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Groundhogg Inc. HollerBox plugin = 2.3.2 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Groundhogg Inc. HollerBox plugin = 2.3.2 versions...

CVE-2023-41657 WordPress HollerBox Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Groundhogg Inc. HollerBox plugin = 2.3.2 versions...

CVE-2023-41657

CVE-2023-41657 describes an Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the Groundhogg HollerBox WordPress plugin, affecting versions

CVE-2023-41657 WordPress HollerBox Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Groundhogg Inc. HollerBox plugin = 2.3.2 versions...

PT-2023-28028 · Groundhogg · Hollerbox Plugin

Name of the Vulnerable Software and Affected Versions: Groundhogg Inc. HollerBox plugin versions = 2.3.2 Description: The issue is related to an Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with administrative access can inject malicious scripts...

WordPress Plugin Fast & Effective Popups & Lead-Generation for WordPress - HollerBox Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

HollerBox < 2.3.3 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress HollerBox Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS)

Software HollerBox Type Plugin Vulnerable versions = 2.3.2 Fixed in 2.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41657 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 33a61ccd5728 Credits Rio Darmawan Required privile...

CVE-2023-2111 HollerBox < 2.1.4 - Admin+ SQL Injection

The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's...

HollerBox < 2.1.4 - Admin+ SQL Injection

The plugin concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's database. 1. Login as admin 2. Make sure HollerBox is installed and...