Lucene search

27 matches found

RedhatCVE
added 2026/03/08 7:56 a.m. · 4 views

CVE-2026-2420

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.4 · AI score 5.7 · EPSS 0.00039
Exploits: 0 · References: 1

EUVD
added 2026/03/07 9:30 a.m. · 4 views

EUVD-2026-10136

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.4 · AI score 5.7 · EPSS 0.00039
Exploits: 0 · References: 4

NVD
added 2026/03/07 8:16 a.m. · 2 views

CVE-2026-2420

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.4 · EPSS 0.00039
Exploits: 0 · References: 3

CVE
added 2026/03/07 7:22 a.m. · 5 views

CVE-2026-2420

CVE-2026-2420 (LotekMedia Popup Form, WordPress): Stored XSS in plugin settings affecting all versions up to 1.0.6. Exploitation requires Administrator+ privileges; payload executes on frontend pages displaying the popup. Connected docs confirm the issue and affected version range; no explicit f...

CVSS 4.4 · AI score 5.7 · EPSS 0.00039
Exploits: 0 · References: 3

Vulnrichment
added 2026/03/07 7:22 a.m. · 2 views

CVE-2026-2420 LotekMedia Popup Form <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.4 · AI score 5.7 · EPSS 0.00039
Exploits: 0 · References: 3

Cvelist
added 2026/03/07 7:22 a.m. · 31 views

CVE-2026-2420 LotekMedia Popup Form <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.4 · EPSS 0.00039
Exploits: 0 · References: 3

ATTACKERKB
added 2026/03/07 7:22 a.m. · 2 views

CVE-2026-2420

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.4 · AI score 5.7 · EPSS 0.00039
Exploits: 0 · References: 4

Patchstack
added 2026/03/07 2:32 a.m. · 4 views

WordPress LotekMedia Popup Form plugin <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Hieus in WordPress Plugin LotekMedia Popup Form versions <= 1.0.6...

CVSS 4.4 · AI score 5.8 · EPSS 0.00039
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2026/03/07 12:00 a.m. · 3 views

WordPress plugin LotekMedia Popup Form cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.4 · AI score 5.8 · EPSS 0.00039
Exploits: 0 · References: 4

RedhatCVE
added 2026/01/09 9:32 a.m. · 2 views

CVE-2023-25465

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy wp tell a friend popup form plugin <= 7.1 versions...

CVSS 5.9 · AI score 5.3 · EPSS 0.00079
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-28516

Malicious code in bioql PyPI...

CVSS 5.9 · AI score 6.4 · EPSS 0.0017
Exploits: 0 · References: 1

RedhatCVE
added 2025/06/29 2:26 p.m. · 6 views

CVE-2025-53325

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dilip kumar Beauty Contact Popup Form beauty-contact-popup-form allows Stored XSS. This issue affects Beauty Contact Popup Form: from n/a through <= 6.0...

CVSS 5.9 · AI score 5.9 · EPSS 0.0017
Exploits: 0 · References: 1

NVD
added 2025/06/27 2:15 p.m. · 3 views

CVE-2025-53325

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dilip kumar Beauty Contact Popup Form beauty-contact-popup-form allows Stored XSS. This issue affects Beauty Contact Popup Form: from n/a through <= 6.0...

CVSS 5.9 · EPSS 0.0017
Exploits: 0 · References: 1

Vulnrichment
added 2025/06/27 1:21 p.m. · 2 views

CVE-2025-53325 WordPress Beauty Contact Popup Form plugin <= 6.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dilip kumar Beauty Contact Popup Form beauty-contact-popup-form allows Stored XSS. This issue affects Beauty Contact Popup Form: from n/a through <= 6.0...

CVSS 5.9 · AI score 5.2 · EPSS 0.0017
Exploits: 0 · References: 1

CVE
added 2025/06/27 1:21 p.m. · 15 views

CVE-2025-53325

CVE-2025-53325 describes a stored XSS in the WordPress plugin Beauty Contact Popup Form (versions n/a through 6.0) due to improper input neutralization during page generation. Affected software: Beauty Contact Popup Form. Root cause: improper sanitization leading to stored XSS. Impact: stored cro...

CVSS 5.9 · AI score 5.9 · EPSS 0.0017
Exploits: 0 · References: 1

Cvelist
added 2025/06/27 1:21 p.m. · 8 views

CVE-2025-53325 WordPress Beauty Contact Popup Form plugin <= 6.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dilip kumar Beauty Contact Popup Form beauty-contact-popup-form allows Stored XSS. This issue affects Beauty Contact Popup Form: from n/a through <= 6.0...

CVSS 5.9 · EPSS 0.0017
Exploits: 0 · References: 1

Positive Technologies
added 2025/06/27 12:00 a.m. · 1 views

PT-2025-27220 · Unknown · Beauty Contact Popup Form

Name of the Vulnerable Software and Affected Versions: Dilip kumar Beauty Contact Popup Form versions n/a through 6.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS in the Beauty Contact...

CVSS 5.9 · AI score 5.8 · EPSS 0.0017
Exploits: 0 · References: 4

Prion
added 2024/01/11 9:15 a.m. · 10 views

Cross site scripting

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arfhttpreferrerurl’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This...

CVSS 5.8 · AI score 6.2 · EPSS 0.01095
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2023/10/03 11:15 a.m. · 17 views

CVE-2023-25463

Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions...

CVSS 8.8 · AI score 6.4 · EPSS 0.00106
Exploits: 0 · References: 1

Vulnrichment
added 2023/10/03 10:27 a.m. · 17 views

CVE-2023-25463 WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions...

CVSS 5.4 · AI score 7 · EPSS 0.00106
Exploits: 0 · References: 1