Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

195 matches found

EUVD
EUVDadded last week4 views

EUVD-2026-37635

Unauthenticated Cross Site Scripting XSS in Popup box = 6.2.9 versions...

7.1CVSS5.2AI score0.00192EPSS
Exploits0References2
NVD
NVDadded 2026/06/17 1:20 p.m.7 views

CVE-2026-54192

Unauthenticated Cross Site Scripting XSS in Popup box = 6.2.9 versions...

7.1CVSS0.00192EPSS
Exploits0References1
CVE
CVEadded 2026/06/17 9:51 a.m.22 views

CVE-2026-54192

This entry covers CVE-2026-54192: unauthenticated Reflected XSS in the WordPress Popup box plugin (<= 6.2.9). The descriptor indicates an XSS vulnerability when loading or handling inputs in affected plugin paths, with a CVSS v3.1 base score of 7.1 (HIGH) and user interaction required. The pro...

7.1CVSS5.1AI score0.00192EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/17 9:51 a.m.28 views

CVE-2026-54192 WordPress Popup box plugin <= 6.2.9 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Popup box = 6.2.9 versions...

7.1CVSS0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:51 p.m.7 views

CVE-2025-15611

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...

5.4CVSS5.6AI score0.00136EPSS
Exploits1References1
Patchstack
Patchstackadded 2026/04/08 7:38 a.m.4 views

WordPress Popup Box AYS Pro plugin < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF vulnerability

Admin+ Stored Cross-Site Scripting XSS via CSRF vulnerability discovered by Spider Sec Ltd in WordPress Plugin Popup box versions 5.5.0...

5.4CVSS5.9AI score0.00136EPSS
Exploits1References1Affected Software1
EUVD
EUVDadded 2026/04/07 9:31 a.m.3 views

EUVD-2025-209259

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...

5.4CVSS6AI score0.00136EPSS
Exploits1References2
NVD
NVDadded 2026/04/07 7:16 a.m.1 views

CVE-2025-15611

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...

5.4CVSS0.00136EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/04/07 6:0 a.m.3 views

CVE-2025-15611

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...

6AI score0.00136EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/04/07 6:0 a.m.16 views

CVE-2025-15611 Popup Box AYS Pro < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...

0.00136EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/04/07 6:0 a.m.1 views

CVE-2025-15611 Popup Box AYS Pro < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...

6AI score0.00136EPSS
Exploits1References1
CVE
CVEadded 2026/04/07 6:0 a.m.11 views

CVE-2025-15611

The CVE-2025-15611 vulnerability affects the Popup Box WordPress plugin prior to 5.5.0, where add_or_edit_popupbox() (and variants such as add or edit popupbox) fails to validate nonces, enabling CSRF. This allows unauthenticated attackers to craft requests that, when an authenticated admin visit...

5.4CVSS6AI score0.00136EPSS
Exploits1References1Affected Software1
CNNVD
CNNVDadded 2026/04/07 12:0 a.m.5 views

WordPress plugin Popup Box 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

5.4CVSS5.8AI score0.00136EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2026/04/07 12:0 a.m.4 views

PT-2026-30795

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add or edit popupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can crea...

5.4CVSS6AI score0.00136EPSS
Exploits1References5
RedhatCVE
RedhatCVEadded 2026/02/21 7:30 p.m.5 views

CVE-2025-68526

Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through = 1.6.1...

8.8CVSS5.5AI score0.00468EPSS
Exploits0References1
Metasploit
Metasploitadded 2026/02/20 6:55 p.m.331 views

Windows Registry Active Setup Persistence

This module will register a payload to run via the Active Setup mechanism in Windows. Active Setup is a Windows feature that runs once per user at login. It triggers in a user context, losing privileges from admin to user. Active Setup will open a popup box with "Personalized Settings" and the te...

6.1AI score
Exploits0
NVD
NVDadded 2026/02/20 4:22 p.m.4 views

CVE-2025-68526

Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through = 1.6.1...

8.8CVSS0.00468EPSS
Exploits0References1
CVE
CVEadded 2026/02/20 3:46 p.m.10 views

CVE-2025-68526

CVE-2025-68526 concerns the WordPress plugin Modal Popup Box (versions up to 1.6.1). The vulnerability is a deserialization of untrusted data leading to PHP object injection, causing full impact on confidentiality, integrity, and availability as described (CVSS 3.1 base score 8.8, high impact). A...

8.8CVSS5.5AI score0.00468EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/02/20 3:46 p.m.3 views

CVE-2025-68526 WordPress Modal Popup Box plugin <= 1.6.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through = 1.6.1...

5.4AI score0.00468EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/02/20 3:46 p.m.24 views

CVE-2025-68526 WordPress Modal Popup Box plugin <= 1.6.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through = 1.6.1...

8.8CVSS0.00468EPSS
Exploits0References1
Rows per page
Query Builder