81 matches found
CVE-2025-0897
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-0897 Modal Window <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-0897 Modal Window <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
PT-2025-7475 · WordPress · Modal Window
Name of the Vulnerable Software and Affected Versions: The Modal Window plugin for WordPress versions up to, and including, 6.1.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode due to insufficient input sanitization and output escaping on...
WordPress plugin Modal Window 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Modal Window plugin <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via iframeBox Shortcode vulnerability discovered by Bassem Essam in WordPress Plugin Modal Window versions = 6.1.5...
CVE-2025-24717
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4...
CVE-2025-24717
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Modal Window modal-window allows Cross Site Request Forgery.This issue affects Modal Window: from n/a through = 6.1.4...
CVE-2025-24717 WordPress Modal Window Plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4...
CVE-2025-24717
CVE-2025-24717 describes a Cross-Site Request Forgery (CSRF) in the WordPress plugin Modal Window (Wow-Company) that allows CSRF to settings changes. Affected range is variants “Modal Window” up to version 6.1.4 . Public sources (NVD, CVE records, Patchstack, Red Hat) consistently cite CSRF as th...
WordPress Modal Window Plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Khang Duong in WordPress Plugin Modal Window versions = 6.1.4...
WordPress plugin Modal Window 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
CVE-2024-43346
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3...
CVE-2024-43346
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3...
CVE-2024-43346
CVE-2024-43346 is a stored XSS vulnerability in the WordPress plugin “Modal Window” from Wow-Company. The issue affects Modal Window versions from n/a up to 6.0.3 and, per the vulnerability entry, has been patched (no exploit details provided in the sources). The vulnerability involves improper n...
CVE-2024-43346 WordPress Modal Window – create popup modal window plugin <= 6.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3...
CVE-2024-43346 WordPress Modal Window – create popup modal window plugin <= 6.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3...
WordPress plugin Modal Window 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Modal Window – create popup modal window plugin <= 6.0.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Modal Window versions = 6.0.3...
WordPress Modal Window Plugin <= 6.0.3 is vulnerable to Cross Site Scripting (XSS)
Software Modal Window Type Plugin Vulnerable versions = 6.0.3 Fixed in 6.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43346 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 956b00accf44 Credits LVT-tholv2k Required privilege Contributo...