Lucene search
K

32 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28356

Malicious code in bioql PyPI...

5.9CVSS6.5AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-46839

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00362EPSS
Exploits0References3
NVD
NVD
added 2025/06/20 3:15 p.m.15 views

CVE-2025-50027

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xootix Login/Signup Popup easy-login-woocommerce allows Stored XSS.This issue affects Login/Signup Popup: from n/a through = 2.9.4...

5.9CVSS0.00218EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/20 3:3 p.m.10 views

CVE-2025-50027 WordPress Login/Signup Popup plugin <= 2.9.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xootix Login/Signup Popup easy-login-woocommerce allows Stored XSS.This issue affects Login/Signup Popup: from n/a through = 2.9.4...

5.9CVSS0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/20 12:0 a.m.3 views

WordPress plugin Login/Signup Popup 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

5.9CVSS5.7AI score0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/20 12:0 a.m.4 views

PT-2025-26384 · Unknown · Xootix Login/Signup Popup

Name of the Vulnerable Software and Affected Versions: xootix Login/Signup Popup versions n/a through 2.9.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS in the xootix Login/Signup Popu...

5.9CVSS5.5AI score0.00218EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/20 8:22 a.m.7 views

CVE-2025-1064 Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xooelaction shortcode in all versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS5.8AI score0.00258EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/20 12:0 a.m.4 views

WordPress plugin Login/Signup Popup 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

6.4CVSS8.2AI score0.00258EPSS
Exploits0References2
OSV
OSV
added 2024/06/06 8:15 a.m.7 views

CVE-2024-5665

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘exportsettings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.9AI score0.00362EPSS
Exploits0References3
CVE
CVE
added 2024/06/06 7:37 a.m.47 views

CVE-2024-5665

CVE-2024-5665 affects the Login/Signup Popup (Inline Form + Woocommerce) WordPress plugin. In versions 2.7.1–2.7.2, export_settings is missing a capability check, enabling authenticated users with Subscriber-level access and above to read arbitrary options on affected sites. The vulnerability is ...

4.3CVSS4.8AI score0.00362EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/06/06 2:55 a.m.9 views

WordPress Login/Signup Popup ( Inline Form + Woocommerce ) plugin <= 2.7.2 - Missing Authorization to Arbitrary Options Exposure vulnerability

Missing Authorization to Arbitrary Options Exposure vulnerability discovered by 1337Wannabe in WordPress Plugin Login/Signup Popup versions = 2.7.2...

4.3CVSS7AI score0.00362EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/06/06 2:15 a.m.13 views

CVE-2024-5324

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access...

8.8CVSS5.8AI score0.01507EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/06 2:2 a.m.107 views

CVE-2024-5324 XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update

Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

8.8CVSS8.4AI score0.01507EPSS
Exploits0References7
CVE
CVE
added 2024/06/06 2:2 a.m.64 views

CVE-2024-5324

CVE-2024-5324 affects the WordPress plugin Login/Signup Popup (Inline Form + Woocommerce). Versions 2.7.1–2.7.2 lack a capability check in import_settings, allowing authenticated users with Subscriber-level access and above to modify arbitrary options, enabling new user registrations and potentia...

8.8CVSS6AI score0.01507EPSS
Exploits0References7Affected Software4
Patchstack
Patchstack
added 2024/06/06 12:0 a.m.17 views

WordPress Login/Signup Popup Plugin <= 2.7.2 is vulnerable to Broken Access Control

Software Login/Signup Popup Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-5665 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID c7d62032dc99 Credits 1337Wannabe Required...

4.3CVSS6.5AI score0.00362EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.5 views

WordPress plugin Login/Signup Popup ( Inline Form + Woocommerce) security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...

4.3CVSS6.6AI score0.00362EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.5 views

WordPress plugin Login/Signup Popup ( Inline Form + Woocommerce) security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...

8.8CVSS6.6AI score0.01507EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/06/05 3:53 p.m.6 views

Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.7.2 - Missing Authorization to Arbitrary Options Update

Missing Authorization to Arbitrary Options Update vulnerability discovered by 1337Wannabe - home in WordPress Plugin Login/Signup Popup versions = 2.7.2...

8.8CVSS7AI score0.01507EPSS
Exploits0References1Affected Software1
Wordfence Blog
Wordfence Blog
added 2024/06/05 3:1 p.m.24 views

40,000 WordPress Sites affected by Vulnerability That Leads to Privilege Escalation in Login/Signup Popup WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

8.8CVSS8.5AI score0.01507EPSS
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2024/06/05 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-5324

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS5.8AI score0.01507EPSS
Exploits0References1
Rows per page
Query Builder