132 matches found
CVE-2023-44228
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Onclick show popup plugin = 8.1 versions...
CVE-2023-24394
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy iframe popup plugin = 3.3 versions...
CVE-2023-0924
The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install...
CVE-2023-23641
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in WPmanage Uji Popup plugin = 1.4.3 versions...
CVE-2023-24406
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Muneeb ur Rehman Simple PopUp plugin = 1.8.6 versions...
CVE-2023-46824
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin = 1.7.14 versions...
CVE-2022-2305
The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-1750
The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ popuptitle' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin level capabilities an...
CVE-2021-24275
The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...
CVE-2017-20065
A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2019-15867
The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13 password for the slickpopupteam account, after a Subscriber calls a certain AJAX action...
CVE-2015-10095
A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2 on WordPress. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3...
CVE-2025-39397 WordPress Anything Popup plugin <= 7.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in [email protected] Anything Popup allows Reflected XSS. This issue affects Anything Popup: from n/a through 7.3...
WordPress Login/Signup Popup ( Inline Form + Woocommerce ) plugin <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via xooelaction Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Login/Signup Popup versions = 2.8.5...
WordPress Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation vulnerability
Missing Authorization to Unauthenticated DB Table Truncation vulnerability discovered by Lucio Sá in WordPress Plugin Popup – MailChimp, GetResponse and ActiveCampaign Intergrations versions = 3.2.6...
CVE-2024-12157
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upcdeletedbrecord' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upcdeletedbdata' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...
CVE-2024-12157 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upcdeletedbrecord' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of...
WordPress plugin Popup 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-11427
The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catch-popup' shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...