473 matches found

Nuclei
added 11 hours ago, 11 views

WP Popups - Information Disclosure

WP Popups - WordPress Popup builder plugin for WordPress contains a full path disclosure caused by using mobiledetect without access restrictions, letting unauthenticated attackers retrieve server paths, exploit requires no specific conditions. id: CVE-2024-6555 info: name: WP Popups - Informatio...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00927
Exploits: 0, References: 4
Cvelist
added 6 days ago, 23 views

CVE-2026-12120 FireBox Popups <= 3.1.7 - Unauthenticated Sensitive Information Exposure in 'form_id' Parameter

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'form_id' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of a...

CVSS: 5.3, EPSS: 0.00331
Exploits: 0, References: 10
CVE
added 6 days ago, 17 views

CVE-2026-12120

The CVE-2026-12120 entry describes a vulnerability in the WordPress plugin FireBox Popups – Increase Sales and Grow Your Email List. Affected versions are all up to and including 3.1.7, with exploitation via the form_id parameter allowing unauthenticated attackers to retrieve a full CSV export of...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00331
Exploits: 0, References: 10
Patchstack
added 2026/06/17 12:00 a.m., 5 views

WordPress FireBox Popups – Increase Sales and Grow Your Email List plugin <= 3.1.7 - Unauthenticated Sensitive Information Exposure in 'form_id' Parameter vulnerability

Unauthenticated Sensitive Information Exposure in 'form_id' Parameter vulnerability discovered by Duc Manh in WordPress Plugin FireBox versions <= 3.1.7...

CVSS: 5.3, AI score: 5.3, EPSS: 0.00331
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/05/18 8:45 a.m., 11 views

EUVD-2026-30757

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated crash the application via calling window.open'javascript:alert';. Mattermost Advisory ID: MMSA-2026-00...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00184
Exploits: 0, References: 1
CNNVD
added 2026/05/11 12:00 a.m., 8 views

DeepChat Input Validation Error Vulnerability

DeepChat is an intelligent assistant developed by ThinkInAIXYZ as open source. Versions of DeepChat prior to v1.0.4-beta.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from incomplete mitigation measures for CVE-2025-55733. Although the patch correctly...

CVSS: 9.6, AI score: 5.8, EPSS: 0.0033
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerability in Firefox, Thunderbird

If an attacker could control the contents of an iframe that was sandboxed using allow-popups but not allow-scripts, they could create a link that, when clicked, would cause JavaScript execution, violating the sandboxing rules. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbi...

CVSS: 9.6, AI score: 7.1, EPSS: 0.00931
Exploits: 1, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 9 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When reusing existing popups, Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

CVSS: 6.5, AI score: 7.2, EPSS: 0.0062
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in Firefox, Thunderbird

In several cases, browser prompts might have been obscured by pop-ups controlled by content. This could lead to potential user confusion and spoofing attacks. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

CVSS: 4.3, AI score: 6.2, EPSS: 0.00631
Exploits: 0, References: 2
CNNVD
added 2026/04/24 12:00 a.m., 6 views

WordPress plugin HubSpot All-In-One Marketing - Forms, Popups, Live Chat Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00193
Exploits: 0, References: 1
RedhatCVE
added 2026/04/14 6:19 p.m., 4 views

CVE-2025-69993

A flaw was found in Leaflet. This Cross-Site Scripting (XSS) vulnerability exists in the bindPopup method, which fails to sanitize user-supplied input. A remote attacker can exploit this by injecting malicious JavaScript code into map popups. When a victim views an affected map, the injected script...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00191
Exploits: 2, References: 5
OSV
added 2026/04/14 3:16 p.m., 2 views

UBUNTU-CVE-2025-69993

Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00191
Exploits: 2, References: 4
Patchstack
added 2026/04/07 10:47 p.m., 5 views

WordPress Hustle - Email Marketing, Lead Generation, Optins, Popups plugin <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation vulnerability

WordPress Hustle - Email Marketing, Lead Generation, Optins, Popups plugin <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation vulnerability discovered by Nguyen C in WordPress Plugin Hustle versions <= 7.8.10.2...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00375
Exploits: 0, References: 1, Affected Software: 1
Tenable Nessus
added 2026/03/31 12:00 a.m., 2 views

Fedora 42 : firefox (2026-a026a1b0c5)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a026a1b0c5 advisory. - Fix blurry popups on some fraction scales mzbz2019668 Tenable has extracted the preceding description block directly from the Fedora security...

CVSS: 10, AI score: 6.6, EPSS: 0.01279
Exploits: 1, References: 47
RedhatCVE
added 2026/02/04 7:28 p.m., 3 views

CVE-2026-25016

Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nelio Popups: from n/a through <= 1.3.5...

CVSS: 4.3, AI score: 5.3, EPSS: 0.00152
Exploits: 0, References: 1
NVD
added 2026/02/03 3:16 p.m., 8 views

CVE-2026-25016

Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nelio Popups: from n/a through <= 1.3.5...

CVSS: 4.3, EPSS: 0.00152
Exploits: 0, References: 1
Cvelist
added 2026/02/03 2:08 p.m., 28 views

CVE-2026-25016 WordPress Nelio Popups plugin <= 1.3.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nelio Popups: from n/a through <= 1.3.5...

CVSS: 4.3, EPSS: 0.00152
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/03 2:08 p.m., 2 views

CVE-2026-25016

Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nelio Popups: from n/a through <= 1.3.5...

CVSS: 4.3, AI score: 5.3, EPSS: 0.00152
Exploits: 0, References: 2
Vulnrichment
added 2026/02/03 2:08 p.m., 3 views

CVE-2026-25016 WordPress Nelio Popups plugin <= 1.3.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nelio Popups: from n/a through <= 1.3.5...

CVSS: 4.3, AI score: 5.3, EPSS: 0.00152
Exploits: 0, References: 1
CVE
added 2026/02/03 2:08 p.m., 12 views

CVE-2026-25016

CVE-2026-25016 concerns the Nelio Popups WordPress plugin. The issue is a Missing Authorization vulnerability caused by incorrectly configured access control, affecting Nelio Popups versions up to and including 1.3.5. Wordfence and CVE listings identify the flaw and note that a fix exists in newe...

CVSS: 4.3, AI score: 5.3, EPSS: 0.00152
Exploits: 0, References: 1