Lucene search
K

6 matches found

EUVD
EUVD
added 2026/03/07 9:30 a.m.8 views

EUVD-2026-10136

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

4.4CVSS5.7AI score0.00193EPSS
Exploits0References4
NVD
NVD
added 2026/03/07 8:16 a.m.7 views

CVE-2026-2420

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

4.4CVSS0.00193EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/07 7:22 a.m.3 views

CVE-2026-2420 LotekMedia Popup Form <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

4.4CVSS5.7AI score0.00193EPSS
Exploits0References3
CVE
CVE
added 2026/03/07 7:22 a.m.13 views

CVE-2026-2420

CVE-2026-2420 (LotekMedia Popup Form, WordPress) : Stored XSS in plugin settings affecting all versions up to 1.0.6. Exploitation requires Administrator+ privileges; payload executes on frontend pages displaying the popup. Connected docs confirm the issue and affected version range; no explicit f...

4.4CVSS5.7AI score0.00193EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/07 2:32 a.m.7 views

WordPress LotekMedia Popup Form plugin <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Hieus in WordPress Plugin LotekMedia Popup Form versions = 1.0.6...

4.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.9 views

WordPress plugin LotekMedia Popup Form 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.4CVSS5.8AI score0.00193EPSS
Exploits0References4
Rows per page
Query Builder