200 matches found
CVE-2026-57631
Administrator SQL Injection in Popup box = 6.0.1 versions...
CVE-2026-57631 WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability
Administrator SQL Injection in Popup box = 6.0.1 versions...
CVE-2026-57631
CVE-2026-57631 affects the WordPress Popup box plugin (versions
EUVD-2026-39747
Administrator SQL Injection in Popup box = 6.0.1 versions...
WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Popup box versions = 6.0.1...
EUVD-2026-37635
Unauthenticated Cross Site Scripting XSS in Popup box = 6.2.9 versions...
CVE-2026-54192
Unauthenticated Cross Site Scripting XSS in Popup box = 6.2.9 versions...
CVE-2026-54192 WordPress Popup box plugin <= 6.2.9 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Popup box = 6.2.9 versions...
CVE-2026-54192
This entry covers CVE-2026-54192: unauthenticated Reflected XSS in the WordPress Popup box plugin (<= 6.2.9). The descriptor indicates an XSS vulnerability when loading or handling inputs in affected plugin paths, with a CVSS v3.1 base score of 7.1 (HIGH) and user interaction required. The pro...
CVE-2025-15611
The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...
WordPress Popup Box AYS Pro plugin < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF vulnerability
Admin+ Stored Cross-Site Scripting XSS via CSRF vulnerability discovered by Spider Sec Ltd in WordPress Plugin Popup box versions 5.5.0...
EUVD-2025-209259
The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...
CVE-2025-15611
The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...
CVE-2025-15611
The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...
CVE-2025-15611 Popup Box AYS Pro < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF
The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...
CVE-2025-15611 Popup Box AYS Pro < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF
The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...
CVE-2025-15611
The CVE-2025-15611 vulnerability affects the Popup Box WordPress plugin prior to 5.5.0, where add_or_edit_popupbox() (and variants such as add or edit popupbox) fails to validate nonces, enabling CSRF. This allows unauthenticated attackers to craft requests that, when an authenticated admin visit...
PT-2026-30795
The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add or edit popupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can crea...
WordPress plugin Popup Box 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
CVE-2025-68526
Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through = 1.6.1...