CVE-2025-13307

The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set editpages capability. The conditions are then executed as part of an eval...

EUVD-2021-11963

Malware in sbrugna...

EUVD-2024-27406

Malicious code in bioql PyPI...

CVE-2024-3472

The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack...

CVE-2025-0897

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2025-0897 Modal Window <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2025-0897 Modal Window <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

PT-2025-7475 · WordPress · Modal Window

Name of the Vulnerable Software and Affected Versions: The Modal Window plugin for WordPress versions up to, and including, 6.1.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode due to insufficient input sanitization and output escaping on...

WordPress Modal Window plugin <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via iframeBox Shortcode vulnerability discovered by Bassem Essam in WordPress Plugin Modal Window versions = 6.1.5...

WordPress Modal Window Plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Khang Duong in WordPress Plugin Modal Window versions = 6.1.4...

WordPress plugin Modal Window 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

WordPress Modal Window plugin < 5.3.10 - Modal Deletion via CSRF vulnerability

Modal Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Modal Window versions 5.3.10...

PT-2024-26133 · WordPress · Modal Window

Name of the Vulnerable Software and Affected Versions: The Modal Window WordPress plugin versions prior to 5.3.10 Description: The issue is related to the lack of a CSRF check when bulk deleting modals, which could allow attackers to make a logged-in admin delete them via a CSRF attack...

CVE-2024-2457

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-5161

CVE-2023-5161 – WordPress Modal Window plugin is vulnerable to stored XSS via shortcode attributes in versions up to 5.3.5. Root cause: insufficient input sanitization and output escaping for user-supplied shortcode attributes. Impact: authenticated attackers with contributor-level permissions ca...

CVE-2023-5161 Modal Window <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-lev...

CVE-2023-5161 Modal Window <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-lev...

PT-2023-31863 · WordPress · Modal Window

Name of the Vulnerable Software and Affected Versions: The Modal Window plugin for WordPress versions up to, and including, 5.3.5 Description: The issue is related to Stored Cross-Site Scripting via shortcodes due to insufficient input sanitization and output escaping on user-supplied attributes...

WordPress Modal Window plugin cross-site request forgery vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The WordPress Modal Window plugin was vulnerable to cross-site request forgery prior to 5.2.2. The vulnerability stems from the plugin's failure to effectively filter calls to remote file resources...

CVE-2021-25051

The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include arbitrary file with PHP extension as well as with data:// or http:// protocols, thus leading to CSRF RCE...