32 matches found
EUVD-2025-28356
Malicious code in bioql PyPI...
EUVD-2024-46839
Malicious code in bioql PyPI...
CVE-2025-50027
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xootix Login/Signup Popup easy-login-woocommerce allows Stored XSS.This issue affects Login/Signup Popup: from n/a through = 2.9.4...
CVE-2025-50027 WordPress Login/Signup Popup plugin <= 2.9.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xootix Login/Signup Popup easy-login-woocommerce allows Stored XSS.This issue affects Login/Signup Popup: from n/a through = 2.9.4...
WordPress plugin Login/Signup Popup 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2025-26384 · Unknown · Xootix Login/Signup Popup
Name of the Vulnerable Software and Affected Versions: xootix Login/Signup Popup versions n/a through 2.9.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS in the xootix Login/Signup Popu...
CVE-2025-1064 Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode
The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xooelaction shortcode in all versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
WordPress plugin Login/Signup Popup 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
CVE-2024-5665
The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘exportsettings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-5665
CVE-2024-5665 affects the Login/Signup Popup (Inline Form + Woocommerce) WordPress plugin. In versions 2.7.1–2.7.2, export_settings is missing a capability check, enabling authenticated users with Subscriber-level access and above to read arbitrary options on affected sites. The vulnerability is ...
WordPress Login/Signup Popup ( Inline Form + Woocommerce ) plugin <= 2.7.2 - Missing Authorization to Arbitrary Options Exposure vulnerability
Missing Authorization to Arbitrary Options Exposure vulnerability discovered by 1337Wannabe in WordPress Plugin Login/Signup Popup versions = 2.7.2...
CVE-2024-5324
The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2024-5324 XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update
Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2024-5324
CVE-2024-5324 affects the WordPress plugin Login/Signup Popup (Inline Form + Woocommerce). Versions 2.7.1–2.7.2 lack a capability check in import_settings, allowing authenticated users with Subscriber-level access and above to modify arbitrary options, enabling new user registrations and potentia...
WordPress Login/Signup Popup Plugin <= 2.7.2 is vulnerable to Broken Access Control
Software Login/Signup Popup Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-5665 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID c7d62032dc99 Credits 1337Wannabe Required...
WordPress plugin Login/Signup Popup ( Inline Form + Woocommerce) security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...
WordPress plugin Login/Signup Popup ( Inline Form + Woocommerce) security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...
Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.7.2 - Missing Authorization to Arbitrary Options Update
Missing Authorization to Arbitrary Options Update vulnerability discovered by 1337Wannabe - home in WordPress Plugin Login/Signup Popup versions = 2.7.2...
40,000 WordPress Sites affected by Vulnerability That Leads to Privilege Escalation in Login/Signup Popup WordPress Plugin
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
VulnCheck KEV: CVE-2024-5324
The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level...