Lucene search
+L

62 matches found

CNNVD
CNNVD
added 2024/05/06 12:0 a.m.9 views

WordPress plugin Popup box 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...

7.1CVSS6.5AI score0.00184EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/05/03 11:8 a.m.6 views

WordPress Popup Box plugin <= 4.1.2 - CSRF to XSS vulnerability

CSRF to XSS vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Popup box versions = 4.1.2...

7.1CVSS6.4AI score0.00184EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/05/02 6:47 a.m.5 views

WordPress Popup Box plugin < 2.2.7 - Popup Deletion via CSRF vulnerability

Popup Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Popup Box versions 2.2.7...

4.3CVSS7AI score0.00277EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.8 views

WordPress plugin Popup Box 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS6.5AI score0.00277EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/05/01 12:0 a.m.5 views

PT-2024-26178 · WordPress · Popup Box

Name of the Vulnerable Software and Affected Versions: The Popup Box WordPress plugin versions prior to 2.2.7 Description: The issue is related to the lack of CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting popups v...

4.3CVSS6.2AI score0.00277EPSS
Exploits2References9
Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.4 views

PT-2024-15016 · WordPress · Popup Box

Name of the Vulnerable Software and Affected Versions: Popup Box WordPress plugin versions prior to 20.9.0 Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks even when unfiltered html is disallowed, due to the plugin not sanitizing and...

4.8CVSS6.3AI score0.0048EPSS
Exploits3References8
OSV
OSV
added 2023/12/04 10:15 p.m.4 views

CVE-2023-5809

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.0045EPSS
Exploits2References1
Prion
Prion
added 2023/12/04 10:15 p.m.23 views

Cross site scripting

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.9AI score0.0045EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/12/04 12:0 a.m.6 views

WordPress plugin Popup box security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

4.8CVSS5.8AI score0.0045EPSS
Exploits2References1
OSV
OSV
added 2023/11/20 7:15 p.m.6 views

CVE-2023-5343

The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS5.8AI score0.00451EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/11/13 12:0 a.m.13 views

Popup box < 3.8.6 - Admin+ Stored XSS in Categories

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Popup Box Categories" 2...

4.8CVSS5.9AI score0.0045EPSS
Exploits2Affected Software1
OSV
OSV
added 2023/10/31 2:15 p.m.6 views

CVE-2023-4390

The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

4.8CVSS5.9AI score0.00402EPSS
Exploits2References1
OSV
OSV
added 2023/06/21 2:15 p.m.3 views

CVE-2023-27414

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Popup Box Team Popup box plugin = 3.4.4 versions...

6.1CVSS6.8AI score0.00408EPSS
Exploits0References1
NVD
NVD
added 2023/06/21 2:15 p.m.12 views

CVE-2023-27414

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Popup Box Team Popup box plugin = 3.4.4 versions...

7.1CVSS6.2AI score0.00408EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/21 12:0 a.m.6 views

PT-2023-21102 · Popup Box Team · Popup Box Plugin

Name of the Vulnerable Software and Affected Versions: Popup Box Team Popup box plugin versions prior to 3.4.4 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker could potentially inject malicious scripts into the website,...

7.1CVSS6.1AI score0.00408EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/03/08 12:0 a.m.10 views

WordPress Popup box Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Popup box Type Plugin Vulnerable versions = 3.4.4 Fixed in 3.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27414 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 356c29098000 Credits Nguyen Xuan Chien...

7.1CVSS5.6AI score0.00408EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2022/05/19 12:0 a.m.111 views

WordPress Popup Box plugin local file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Pop...

7.2CVSS1.1AI score0.01021EPSS
Exploits0References1
Prion
Prion
added 2022/05/18 5:15 p.m.14 views

Design/Logic Flaw

Authenticated administrator or higher role Local File Inclusion LFI vulnerability in Wow-Company's Popup Box plugin = 2.1.2 at WordPress...

6.5CVSS6.9AI score0.01021EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/05/18 4:39 p.m.84 views

CVE-2022-29445

CVE-2022-29445 affects the WordPress Popup Box plugin (versions ≤ 2.1.2). The issue is an Authenticated Local File Inclusion (LFI) vulnerability that arises because the plugin (likely in the include path logic) does not properly validate the current tab before including a file, enabling an admini...

7.2CVSS6.8AI score0.01021EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/05/18 12:0 a.m.4 views

WordPress plugin Popup Box 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Pop...

7.2CVSS5.6AI score0.01021EPSS
Exploits0References3
Rows per page
Query Builder