25 matches found
CVE-2022-0214
The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog...
EUVD-2022-44597
Malicious code in bioql PyPI...
EUVD-2022-15416
Malicious code in bioql PyPI...
CVE-2022-41403
OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/sonewlettercustompopup/newsletter...
CVE-2022-41403
OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/sonewlettercustompopup/newsletter...
CVE-2022-41403
OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/sonewlettercustompopup/newsletter...
CVE-2022-41403
OpenCart 3.x Newsletter Custom Popup contains a SQL injection vulnerability in the email parameter of the endpoint index.php?route=extension/module/so_newletter_custom_popup/newsletter. The CVE-2022-41403 entry is rated CRITICAL (CVSSv3.1: 9.8) with network attack vector, no authentication, and h...
OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection Vulnerability
Exploit Title: OpenCart v3.x So Newsletter Custom Popup Module - Blind SQL Injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link:...
OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection
Exploit Title: OpenCart v3.x So Newsletter Custom Popup Module - Blind SQL Injection Date: 18/09/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link:...
WP Popup Builder < 1.2.9 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting The custom-popup parameter needs to be the ID of an existing popup https://example.com/wp-admin/admin.php?page=wppb&pos-name=xxx"alert%2FXSS%2F%3B&custom-popup=1...
WordPress Custom Popup plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Custom Popup plugin 1.3.1 and earlier versions have a security vulnerability that stems from...
CVE-2022-28612
Improper Access Control vulnerability leading to multiple Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerabilities in Muneeb's Custom Popup Builder plugin = 1.3.1 at WordPress...
CVE-2022-28612
Improper Access Control vulnerability leading to multiple Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerabilities in Muneeb's Custom Popup Builder plugin = 1.3.1 at WordPress...
Improper access control
Improper Access Control vulnerability leading to multiple Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerabilities in Muneeb's Custom Popup Builder plugin = 1.3.1 at WordPress...
WordPress plugin Custom Popup 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Custom Popup plugin 1.3.1 and earlier versions have a security vulnerability that stems from...
Custom Popup Builder <= 1.3.1 - Contributor+ Stored Cross-Site Scripting
The plugin does have proper authorisation in place, and does not sanitise as well as escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
WordPress Custom Popup Builde plugin denial of service vulnerability
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. A denial of service vulnerability exists in versions of the WordPress Custom Popup Builde plugin prior to 1.3.1,...
CVE-2022-0214
The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog...
CVE-2022-0214
The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog...
Denial of service
The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog...