Lucene search
K

3378 matches found

NVD
NVD
added yesterday4 views

CVE-2026-56037

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday14 views

CVE-2026-56037 WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-56037

The CVE-2026-56037 affects Themify Popup (WordPress plugin) ≤ 1.4.3. It describes a Deserialization of Untrusted Data vulnerability that allows PHP Object Injection through deserialized data. The underlying issue is the ability to inject or manipulate objects via untrusted input, enabling high-ri...

8.8CVSS5.8AI score
Exploits0References1
Nuclei
Nuclei
added yesterday24 views

WP Popup Builder Popup Forms and Marketing Lead Generation <= 1.3.5 - Arbitrary Shortcode Execution

The The WP Popup Builder Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpajaxnoprivshortcodeApiAdd AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that...

9.8CVSS6.2AI score0.51316EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday13 views

WordPress Popup Builder <= 4.2.3 - Unauthenticated Stored XSS

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. id: CVE-2023-6000 info: name: WordPress Popup Builder = 4.2.3 - Unauthenticated Stored XSS author: riteshs4...

6.1CVSS7AI score0.01999EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday20 views

Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users id: CVE-2022-0424 info: name: Popup by Supsystic 1.10.9 - Subscriber Email...

5.3CVSS6AI score0.0269EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday9 views

WordPress Popup Builder < 4.0.7 - Remote Code Execution

Popup Builder WordPress plugin before 4.0.7 contains a local file inclusion caused by unsanitized 'sgpbtype' parameter in require statement, letting attackers include arbitrary local files or execute code via wrappers like PHAR, exploit requires attacker to control 'sgpbtype' parameter. id:...

8.8CVSS7.5AI score0.05365EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday148 views

Popup-Maker < 1.8.12 - Broken Authentication

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the doaction function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt aka the...

9.1CVSS7.3AI score0.09232EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday27 views

Popup Builder Plugin - SQL Injection and Cross-Site Scripting

The Popup Builder WordPress plugin before 4.1.1 is vulnerable to SQL Injection and Reflected XSS via the sgpb-subscription-popup-id parameter. id: CVE-2022-0479 info: name: Popup Builder Plugin - SQL Injection and Cross-Site Scripting author: ritikchaddha severity: critical description: | The Pop...

9.8CVSS7.4AI score0.4408EPSS
Exploits2
Nuclei
Nuclei
added yesterday33 views

Popup Builder < 4.0.7 - SQL Injection

The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection. id: CVE-2022-0228 info: name: Popup Builder 4.0.7 -...

7.2CVSS7.1AI score0.05839EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday27 views

Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection

The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.This makes ...

7.5CVSS7.3AI score0.47002EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday52 views

Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect

The Oracle Applications Framework component of Oracle E-Business Suite subcomponent: Popup windows lists of values, datepicker, etc. is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers...

5.8CVSS6.3AI score0.14558EPSS
Exploits4References5
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-40776

Insufficient validation of untrusted input in PopupBlocker in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00168EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago21 views

CVE-2026-14089

Insufficient validation of untrusted input in PopupBlocker in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

0.00168EPSS
Exploits0References2
NVD
NVD
added last week8 views

CVE-2026-57631

Administrator SQL Injection in Popup box = 6.0.1 versions...

7.6CVSS0.00279EPSS
Exploits0References1
CVE
CVE
added last week10 views

CVE-2026-57631

CVE-2026-57631 affects the WordPress Popup box plugin (versions

7.6CVSS5.8AI score0.00279EPSS
Exploits0References1
EUVD
EUVD
added last week6 views

EUVD-2026-39747

Administrator SQL Injection in Popup box = 6.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added last week33 views

CVE-2026-57631 WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability

Administrator SQL Injection in Popup box = 6.0.1 versions...

7.6CVSS0.00279EPSS
Exploits0References1
Patchstack
Patchstack
added last week5 views

WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Popup box versions = 6.0.1...

7.6CVSS5.8AI score0.00279EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 1:49 p.m.5 views

WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Popup versions = 1.4.3...

8.8CVSS5.9AI score
Exploits0Affected Software1
Rows per page
Query Builder