Lucene search
K

25 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.3 views

CVE-2022-0214

The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog...

7.5CVSS6.7AI score0.01565EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-44597

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01052EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-15416

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01565EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:43 p.m.8 views

CVE-2022-41403

OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/sonewlettercustompopup/newsletter...

9.8CVSS8.3AI score0.01052EPSS
Exploits1References1
NVD
NVD
added 2022/10/12 6:15 p.m.16 views

CVE-2022-41403

OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/sonewlettercustompopup/newsletter...

9.8CVSS0.01052EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/10/12 12:0 a.m.11 views

CVE-2022-41403

OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/sonewlettercustompopup/newsletter...

10AI score0.01052EPSS
Exploits1References1
CVE
CVE
added 2022/10/12 12:0 a.m.72 views

CVE-2022-41403

OpenCart 3.x Newsletter Custom Popup contains a SQL injection vulnerability in the email parameter of the endpoint index.php?route=extension/module/so_newletter_custom_popup/newsletter. The CVE-2022-41403 entry is rated CRITICAL (CVSSv3.1: 9.8) with network attack vector, no authentication, and h...

9.8CVSS9.7AI score0.01052EPSS
Exploits1References1Affected Software1
0day.today
0day.today
added 2022/09/19 12:0 a.m.338 views

OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection Vulnerability

Exploit Title: OpenCart v3.x So Newsletter Custom Popup Module - Blind SQL Injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/19 12:0 a.m.326 views

OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection

Exploit Title: OpenCart v3.x So Newsletter Custom Popup Module - Blind SQL Injection Date: 18/09/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link:...

Exploits0
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.433 views

WP Popup Builder < 1.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting The custom-popup parameter needs to be the ID of an existing popup https://example.com/wp-admin/admin.php?page=wppb&pos-name=xxx"alert%2FXSS%2F%3B&custom-popup=1...

6.1CVSS0.1AI score0.00492EPSS
Exploits2
CNVD
CNVD
added 2022/06/17 12:0 a.m.24 views

WordPress Custom Popup plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Custom Popup plugin 1.3.1 and earlier versions have a security vulnerability that stems from...

5.4CVSS1.4AI score0.0046EPSS
Exploits0References1
OSV
OSV
added 2022/06/15 8:15 p.m.5 views

CVE-2022-28612

Improper Access Control vulnerability leading to multiple Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerabilities in Muneeb's Custom Popup Builder plugin = 1.3.1 at WordPress...

5.4CVSS5.8AI score0.0046EPSS
Exploits0References2
NVD
NVD
added 2022/06/15 8:15 p.m.14 views

CVE-2022-28612

Improper Access Control vulnerability leading to multiple Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerabilities in Muneeb's Custom Popup Builder plugin = 1.3.1 at WordPress...

5.4CVSS0.0046EPSS
Exploits0References2
Prion
Prion
added 2022/06/15 8:15 p.m.17 views

Improper access control

Improper Access Control vulnerability leading to multiple Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerabilities in Muneeb's Custom Popup Builder plugin = 1.3.1 at WordPress...

3.5CVSS5.4AI score0.0046EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/06/15 12:0 a.m.5 views

WordPress plugin Custom Popup 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Custom Popup plugin 1.3.1 and earlier versions have a security vulnerability that stems from...

5.4CVSS5.3AI score0.0046EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2022/06/14 12:0 a.m.25 views

Custom Popup Builder <= 1.3.1 - Contributor+ Stored Cross-Site Scripting

The plugin does have proper authorisation in place, and does not sanitise as well as escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3AI score0.0046EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/02/16 12:0 a.m.21 views

WordPress Custom Popup Builde plugin denial of service vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. A denial of service vulnerability exists in versions of the WordPress Custom Popup Builde plugin prior to 1.3.1,...

7.5CVSS2.3AI score0.01565EPSS
Exploits2References1
OSV
OSV
added 2022/02/14 12:15 p.m.3 views

CVE-2022-0214

The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog...

7.5CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/02/14 12:15 p.m.4 views

CVE-2022-0214

The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog...

7.5CVSS7.1AI score0.01565EPSS
Exploits2References2
Prion
Prion
added 2022/02/14 12:15 p.m.14 views

Denial of service

The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog...

5CVSS7.5AI score0.01565EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder