62 matches found
WordPress plugin Popup box 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...
WordPress Popup Box plugin <= 4.1.2 - CSRF to XSS vulnerability
CSRF to XSS vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Popup box versions = 4.1.2...
WordPress Popup Box plugin < 2.2.7 - Popup Deletion via CSRF vulnerability
Popup Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Popup Box versions 2.2.7...
WordPress plugin Popup Box 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-26178 · WordPress · Popup Box
Name of the Vulnerable Software and Affected Versions: The Popup Box WordPress plugin versions prior to 2.2.7 Description: The issue is related to the lack of CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting popups v...
PT-2024-15016 · WordPress · Popup Box
Name of the Vulnerable Software and Affected Versions: Popup Box WordPress plugin versions prior to 20.9.0 Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks even when unfiltered html is disallowed, due to the plugin not sanitizing and...
CVE-2023-5809
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin Popup box security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...
CVE-2023-5343
The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
Popup box < 3.8.6 - Admin+ Stored XSS in Categories
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Popup Box Categories" 2...
CVE-2023-4390
The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...
CVE-2023-27414
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Popup Box Team Popup box plugin = 3.4.4 versions...
CVE-2023-27414
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Popup Box Team Popup box plugin = 3.4.4 versions...
PT-2023-21102 · Popup Box Team · Popup Box Plugin
Name of the Vulnerable Software and Affected Versions: Popup Box Team Popup box plugin versions prior to 3.4.4 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker could potentially inject malicious scripts into the website,...
WordPress Popup box Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)
Software Popup box Type Plugin Vulnerable versions = 3.4.4 Fixed in 3.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27414 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 356c29098000 Credits Nguyen Xuan Chien...
WordPress Popup Box plugin local file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Pop...
Design/Logic Flaw
Authenticated administrator or higher role Local File Inclusion LFI vulnerability in Wow-Company's Popup Box plugin = 2.1.2 at WordPress...
CVE-2022-29445
CVE-2022-29445 affects the WordPress Popup Box plugin (versions ≤ 2.1.2). The issue is an Authenticated Local File Inclusion (LFI) vulnerability that arises because the plugin (likely in the include path logic) does not properly validate the current tab before including a file, enabling an admini...
WordPress plugin Popup Box 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Pop...