CVE-2026-48885 WordPress HollerBox plugin <= 2.3.10.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in HollerBox = 2.3.10.1 versions...

CVE-2026-48885

CVE-2026-48885 concerns a Cross-Site Scripting (XSS) vulnerability in the WordPress HollerBox plugin for versions ≤ 2.3.10.1. The issue is described as unauthenticated XSS. The PatchStack entry assigns a CVSS v3.1 base score of 7.1 (HIGH), with network attack vector, no privileges required, user ...

CVE-2023-41657

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Groundhogg Inc. HollerBox plugin = 2.3.2 versions...

CVE-2023-41657

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Groundhogg Inc. HollerBox plugin = 2.3.2 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Groundhogg Inc. HollerBox plugin = 2.3.2 versions...

CVE-2023-41657

CVE-2023-41657 describes an Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the Groundhogg HollerBox WordPress plugin, affecting versions

CVE-2023-2111 HollerBox < 2.1.4 - Admin+ SQL Injection

The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's...

WordPress HollerBox Plugin <= 2.1.3 is vulnerable to SQL Injection

Software HollerBox Type Plugin Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2111 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 81f314d3ef98 Credits rSolutions Security Team Required privilege Administrato...