3378 matches found
CVE-2026-56037
Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...
CVE-2026-56037 WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...
CVE-2026-56037
The CVE-2026-56037 affects Themify Popup (WordPress plugin) ≤ 1.4.3. It describes a Deserialization of Untrusted Data vulnerability that allows PHP Object Injection through deserialized data. The underlying issue is the ability to inject or manipulate objects via untrusted input, enabling high-ri...
WP Popup Builder Popup Forms and Marketing Lead Generation <= 1.3.5 - Arbitrary Shortcode Execution
The The WP Popup Builder Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpajaxnoprivshortcodeApiAdd AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that...
WordPress Popup Builder <= 4.2.3 - Unauthenticated Stored XSS
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. id: CVE-2023-6000 info: name: WordPress Popup Builder = 4.2.3 - Unauthenticated Stored XSS author: riteshs4...
Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users id: CVE-2022-0424 info: name: Popup by Supsystic 1.10.9 - Subscriber Email...
WordPress Popup Builder < 4.0.7 - Remote Code Execution
Popup Builder WordPress plugin before 4.0.7 contains a local file inclusion caused by unsanitized 'sgpbtype' parameter in require statement, letting attackers include arbitrary local files or execute code via wrappers like PHAR, exploit requires attacker to control 'sgpbtype' parameter. id:...
Popup-Maker < 1.8.12 - Broken Authentication
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the doaction function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt aka the...
Popup Builder Plugin - SQL Injection and Cross-Site Scripting
The Popup Builder WordPress plugin before 4.1.1 is vulnerable to SQL Injection and Reflected XSS via the sgpb-subscription-popup-id parameter. id: CVE-2022-0479 info: name: Popup Builder Plugin - SQL Injection and Cross-Site Scripting author: ritikchaddha severity: critical description: | The Pop...
Popup Builder < 4.0.7 - SQL Injection
The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection. id: CVE-2022-0228 info: name: Popup Builder 4.0.7 -...
Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection
The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.This makes ...
Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
The Oracle Applications Framework component of Oracle E-Business Suite subcomponent: Popup windows lists of values, datepicker, etc. is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers...
EUVD-2026-40776
Insufficient validation of untrusted input in PopupBlocker in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14089
Insufficient validation of untrusted input in PopupBlocker in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-57631
Administrator SQL Injection in Popup box = 6.0.1 versions...
CVE-2026-57631
CVE-2026-57631 affects the WordPress Popup box plugin (versions
EUVD-2026-39747
Administrator SQL Injection in Popup box = 6.0.1 versions...
CVE-2026-57631 WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability
Administrator SQL Injection in Popup box = 6.0.1 versions...
WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Popup box versions = 6.0.1...
WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Popup versions = 1.4.3...