Lucene search
+L

132 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:38 a.m.8 views

CVE-2023-44228

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Onclick show popup plugin = 8.1 versions...

5.9CVSS5.6AI score0.00382EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/05/23 4:36 a.m.8 views

CVE-2023-24394

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy iframe popup plugin = 3.3 versions...

5.9CVSS5.6AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:57 a.m.5 views

CVE-2023-0924

The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install...

7.2CVSS7.2AI score0.00962EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:41 a.m.11 views

CVE-2023-23641

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in WPmanage Uji Popup plugin = 1.4.3 versions...

6.5CVSS4.9AI score0.00361EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:57 a.m.8 views

CVE-2023-24406

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Muneeb ur Rehman Simple PopUp plugin = 1.8.6 versions...

5.9CVSS5.6AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:43 a.m.9 views

CVE-2023-46824

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin = 1.7.14 versions...

5.9CVSS5.1AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:44 a.m.9 views

CVE-2022-2305

The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00511EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:5 p.m.11 views

CVE-2022-1750

The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ popuptitle' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin level capabilities an...

5.5CVSS5.8AI score0.00526EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:1 p.m.8 views

CVE-2021-24275

The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...

6.1CVSS6.1AI score0.18165EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:47 a.m.14 views

CVE-2017-20065

A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

4.3CVSS6.8AI score0.00685EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:27 a.m.7 views

CVE-2019-15867

The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13 password for the slickpopupteam account, after a Subscriber calls a certain AJAX action...

8.8CVSS7.2AI score0.02071EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:39 a.m.7 views

CVE-2015-10095

A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2 on WordPress. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3...

6.1CVSS6.3AI score0.00607EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/24 4:8 p.m.7 views

CVE-2025-39397 WordPress Anything Popup plugin <= 7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in [email protected] Anything Popup allows Reflected XSS. This issue affects Anything Popup: from n/a through 7.3...

7.1CVSS7AI score0.00257EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/19 11:2 p.m.6 views

WordPress Login/Signup Popup ( Inline Form + Woocommerce ) plugin <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via xooelaction Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Login/Signup Popup versions = 2.8.5...

6.4CVSS5.8AI score0.00258EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/07 7:14 a.m.8 views

WordPress Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation vulnerability

Missing Authorization to Unauthenticated DB Table Truncation vulnerability discovered by Lucio Sá in WordPress Plugin Popup – MailChimp, GetResponse and ActiveCampaign Intergrations versions = 3.2.6...

5.3CVSS7AI score0.00329EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/01/07 5:15 a.m.10 views

CVE-2024-12157

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upcdeletedbrecord' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS0.00977EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/07 4:22 a.m.6 views

CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upcdeletedbdata' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...

5.3CVSS6.8AI score0.00329EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/07 4:21 a.m.257 views

CVE-2024-12157 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upcdeletedbrecord' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS0.00977EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.7 views

WordPress plugin Popup 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS7.8AI score0.00329EPSS
Exploits0References2
NVD
NVD
added 2024/12/12 4:15 a.m.21 views

CVE-2024-11427

The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catch-popup' shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.0044EPSS
Exploits0References3
Rows per page
Query Builder