Lucene search
K

81 matches found

NVD
NVD
added 2025/02/20 9:15 a.m.38 views

CVE-2025-0897

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00284EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/20 8:22 a.m.12 views

CVE-2025-0897 Modal Window <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00284EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/02/20 8:22 a.m.36 views

CVE-2025-0897 Modal Window <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00284EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/02/20 12:0 a.m.25 views

PT-2025-7475 · WordPress · Modal Window

Name of the Vulnerable Software and Affected Versions: The Modal Window plugin for WordPress versions up to, and including, 6.1.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS8AI score0.00284EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/02/20 12:0 a.m.4 views

WordPress plugin Modal Window 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS8.1AI score0.00284EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/02/19 10:56 p.m.8 views

WordPress Modal Window plugin <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via iframeBox Shortcode vulnerability discovered by Bassem Essam in WordPress Plugin Modal Window versions = 6.1.5...

6.4CVSS5.8AI score0.00284EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/01/24 6:15 p.m.5 views

CVE-2025-24717

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4...

8.8CVSS7.3AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2025/01/24 6:15 p.m.27 views

CVE-2025-24717

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Modal Window modal-window allows Cross Site Request Forgery.This issue affects Modal Window: from n/a through = 6.1.4...

8.8CVSS0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/24 5:25 p.m.11 views

CVE-2025-24717 WordPress Modal Window Plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4...

5.4CVSS6.9AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2025/01/24 5:25 p.m.70 views

CVE-2025-24717

CVE-2025-24717 describes a Cross-Site Request Forgery (CSRF) in the WordPress plugin Modal Window (Wow-Company) that allows CSRF to settings changes. Affected range is variants “Modal Window” up to version 6.1.4 . Public sources (NVD, CVE records, Patchstack, Red Hat) consistently cite CSRF as th...

8.8CVSS7.2AI score0.00214EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/24 11:47 a.m.3 views

WordPress Modal Window Plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Khang Duong in WordPress Plugin Modal Window versions = 6.1.4...

8.8CVSS6.9AI score0.00214EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/01/24 12:0 a.m.5 views

WordPress plugin Modal Window 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

8.8CVSS8.5AI score0.00214EPSS
Exploits0References2
OSV
OSV
added 2024/08/18 2:15 p.m.3 views

CVE-2024-43346

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3...

5.4CVSS5.8AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2024/08/18 2:15 p.m.30 views

CVE-2024-43346

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3...

6.5CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added 2024/08/18 1:18 p.m.62 views

CVE-2024-43346

CVE-2024-43346 is a stored XSS vulnerability in the WordPress plugin “Modal Window” from Wow-Company. The issue affects Modal Window versions from n/a up to 6.0.3 and, per the vulnerability entry, has been patched (no exploit details provided in the sources). The vulnerability involves improper n...

6.5CVSS6.5AI score0.00246EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/18 1:18 p.m.24 views

CVE-2024-43346 WordPress Modal Window – create popup modal window plugin <= 6.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3...

6.5CVSS6.8AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/18 1:18 p.m.36 views

CVE-2024-43346 WordPress Modal Window – create popup modal window plugin <= 6.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3...

6.5CVSS0.00246EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/18 12:0 a.m.4 views

WordPress plugin Modal Window 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS6.1AI score0.00246EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/08/16 1:57 p.m.6 views

WordPress Modal Window – create popup modal window plugin <= 6.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Modal Window versions = 6.0.3...

6.5CVSS6.1AI score0.00246EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/16 12:0 a.m.15 views

WordPress Modal Window Plugin <= 6.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Modal Window Type Plugin Vulnerable versions = 6.0.3 Fixed in 6.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43346 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 956b00accf44 Credits LVT-tholv2k Required privilege Contributo...

6.5CVSS6.6AI score0.00246EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder