Lucene search
+L

474 matches found

CNNVD
CNNVD
added 2025/02/22 12:0 a.m.2 views

WordPress plugin Responsive Modal Builder for High Conversion – Easy Popups 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Responsive Modal...

7.1CVSS7.9AI score0.00211EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/14 1:34 p.m.4 views

WordPress Responsive Modal Builder for High Conversion – Easy Popups plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Responsive Modal Builder for High Conversion – Easy Popups versions = 1.5.0...

7.1CVSS6.1AI score0.00211EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 10:25 a.m.5 views

CVE-2024-12627

The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via deserialization of untrusted input from post content passed to the captureemail AJAX action. This...

7.5CVSS7.2AI score0.0054EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:20 a.m.9 views

CVE-2024-47645

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows PHP Local File Inclusion.This issue affects Top Bar – PopUps – by WPOptin: from n/a through = 2.0.1...

7.5CVSS5.9AI score0.00481EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/02 4:8 p.m.6 views

WordPress WPOptin plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Top Bar – PopUps – by WPOptin versions = 2.0.8...

7.1CVSS6.1AI score0.00276EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2025/01/27 10:0 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS at the /admin/compass endpoint, which passes data from GET requests to the index function. This function can return unsanitized text in error message popups when it receives a file deletion request. As a result,...

6.1CVSS5.3AI score0.24095EPSS
Exploits1References2
NVD
NVD
added 2025/01/11 3:15 a.m.6 views

CVE-2024-12204

The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it...

5.4CVSS0.00242EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/11 2:20 a.m.14 views

CVE-2024-12204 Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization

The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it...

5.4CVSS0.00242EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/25 4:22 a.m.27 views

CVE-2024-12636 Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.2.7 - Cross-Site Request Forgery

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.6. This is due to missing or incorrect nonce validation on the 'createpopupdeleteprocess' functio...

4.3CVSS0.00167EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/25 12:0 a.m.4 views

WordPress plugin WP Legal Pages 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS8.1AI score0.00167EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/27 6:41 a.m.10 views

CVE-2024-10580 Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unauthorized Form Submission

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submitform function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submi...

5.3CVSS5.4AI score0.00379EPSS
Exploits0References3
OSV
OSV
added 2024/11/09 4:39 p.m.28 views

SUSE-SU-2024:3963-1 Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: - Update to upstream tag jdk-17.0.13+11 October 2024 CPU Security fixes + JDK-8307383: Enhance DTLS connections + JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system...

4.8CVSS6AI score0.01157EPSS
Exploits0References9
Cvelist
Cvelist
added 2024/10/16 1:35 p.m.26 views

CVE-2024-47645 WordPress WPOptin plugin <= 2.0.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows PHP Local File Inclusion.This issue affects Top Bar – PopUps – by WPOptin: from n/a through = 2.0.1...

7.5CVSS0.00481EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.7 views

WordPress plugin Top Bar – PopUps 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Top Bar - PopUps A path...

7.5CVSS6.7AI score0.00481EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/10/03 6:18 p.m.4 views

firefox: thunderbird: External protocol handlers could be enumerated via popups

The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed...

5.3CVSS7.3AI score0.00561EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2024/10/03 11:30 a.m.4 views

firefox: thunderbird: External protocol handlers could be enumerated via popups

The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed...

5.3CVSS7.3AI score0.00561EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2024/10/02 6:44 p.m.7 views

firefox: thunderbird: External protocol handlers could be enumerated via popups

The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed...

5.3CVSS7.3AI score0.00561EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/09/30 12:34 p.m.5 views

WordPress WPOptin plugin <= 2.0.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin Top Bar – PopUps – by WPOptin versions = 2.0.1...

7.5CVSS7.1AI score0.00481EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/09/08 6:15 a.m.33 views

CVE-2024-6853

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack...

6.5CVSS0.00216EPSS
Exploits1References1
OSV
OSV
added 2024/09/08 6:15 a.m.4 views

CVE-2024-6855

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack...

4.3CVSS5.8AI score0.00201EPSS
Exploits1References1
Rows per page
Query Builder