18 matches found
EUVD-2025-21675
Malicious code in bioql PyPI...
CVE-2025-54018
Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners cm-pop-up-banners allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Pop-Up banners: from n/a through = 1.8.4...
CVE-2025-54018
Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners cm-pop-up-banners allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Pop-Up banners: from n/a through = 1.8.4...
PT-2025-29749 · Creativemindssolutions · Cm Pop-Up Banners
Name of the Vulnerable Software and Affected Versions: CM Pop-Up banners versions n/a through 1.8.4 Description: A missing authorization issue exists in CreativeMindsSolutions CM Pop-Up banners due to incorrectly configured access control security levels. Recommendations: Update CM Pop-Up banners...
WordPress plugin CM Pop-Up banners 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-5799
The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks...
WordPress CM Pop-Up Banners plugin <= 1.7.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin CM Pop-Up banners versions = 1.7.6...
WordPress CM Pop-Up Banners for WordPress plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin CM Pop-Up banners versions = 1.7.3...
WordPress CM Pop-Up Banners plugin <= 1.7.5 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin CM Pop-Up banners versions 1.7.5...
WordPress CM Pop-Up banners Plugin 1.7.5 is vulnerable to Cross Site Scripting (XSS)
Software CM Pop-Up banners Type Plugin Vulnerable versions 1.7.5 Fixed in 1.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11202 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f58e5244f29c Credits Peter Thaleikis...
WordPress CM Pop-Up Banners for WordPress plugin < 1.7.3 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Eunho Kim in WordPress Plugin CM Pop-Up banners versions 1.7.3...
CVE-2024-5799
The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks...
WordPress plugin CM Pop-Up Banners 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
WordPress CM Pop-Up banners Plugin < 1.7.3 is vulnerable to Cross Site Scripting (XSS)
Software CM Pop-Up banners Type Plugin Vulnerable versions 1.7.3 Fixed in 1.7.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5799 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 747794d443c6 Credits Eunho Kim Required...
PT-2024-37163 · WordPress · Cm Pop-Up Banners
Name of the Vulnerable Software and Affected Versions: CM Pop-Up Banners for WordPress versions prior to 1.7.3 Description: The issue allows high privilege users, such as Contributors, to perform Cross-Site Scripting attacks due to the plugin not sanitising and escaping some of its popup fields...
WordPress CM Pop-Up banners Plugin < 1.6.6 is vulnerable to Cross Site Scripting (XSS)
Software CM Pop-Up banners Type Plugin Vulnerable versions 1.6.6 Fixed in 1.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5004 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2c09d4a685e6 Credits Felipe Caon Required...
WordPress CM Pop-Up banners Plugin <= 1.5.10 is vulnerable to SQL Injection
Software CM Pop-Up banners Type Plugin Vulnerable versions = 1.5.10 Fixed in 1.6.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-30750 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID a1957d5dbbe6 Credits Dave Jong Patchstack Required privilege...
CM Pop-Up banners < 1.4.11 - Authenticated Stored XSS
When saving a new campaign, a user with editpages capabilities can store scripts in the campaign’s pop-up content. The code can then be executed on every page on the website. A user with the editpages capability can store any script in the pop-up's content. The content is serialized and then save...