CVE-2017-12947

classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators...

WordPress Feedback Modal for Website plugin <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'export_data' Parameter vulnerability

Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'exportdata' Parameter vulnerability discovered by Legion Hunter in WordPress Plugin Feedback Modal for Website versions = 1.0.1...

EUVD-2017-4471

Malware in sbrugna...

EUVD-2017-4470

Malware in sbrugna...

EUVD-2023-0714

Malicious code in bioql PyPI...

CVE-2017-12946

classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators...

CVE-2025-22551 WordPress Boot-Modal plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in albedo0 Boot-Modal boot-modal allows Stored XSS.This issue affects Boot-Modal: from n/a through = 1.9.1...

CVE-2025-22551

CVE-2025-22551 affects Boot-Modal ( Julien Crego ) where improper neutralization of input during web page generation enables Stored XSS. Affected versions: up to 1.9.1. Red Hat and Wordfence entries confirm the issue and indicate it has been patched in Boot-Modal. Remediation: update to the patch...

WordPress Boot-Modal plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Boot-Modal versions = 1.9.1...

WordPress Media Modal plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Media Modal versions = 1.0.2...

CVE-2024-5668

The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

GHSA-H685-83W4-3PH3 iziModal Cross-site Scripting vulnerability

iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vulnerable to cross-site scripting XSS when handling untrusted modal titles. An attacker who is able to influence the field title when creating a iziModal instance is able to supply arbitrary html or javascript code that will be...

Cross site scripting

iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vulnerable to cross-site scripting XSS when handling untrusted modal titles. An attacker who is able to influence the field title when creating a iziModal instance is able to supply arbitrary html or javascript code that will be...

CVE-2021-32860

The CVE-2021-32860 issue affects the jQuery modal plugin iziModal (versions prior to 1.6.1). It describes an XSS vulnerability where untrusted modal titles can be exploited to inject arbitrary HTML/JavaScript code executed in the user context. The root cause is lack of validation/escaping for the...

WordPress Modal Dialog Plugin <= 3.5.9 is vulnerable to Cross Site Scripting (XSS)

Software Modal Dialog Type Plugin Vulnerable versions = 3.5.9 Fixed in 3.5.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24001 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9eee5fac62a6 Credits Rio Darmawan Required...

WordPress Easy Modal Plugin SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . Easy Modal plugin is one of the pop-up window plugin . A SQL injection vulnerability exists in the...

CVE-2017-12946

classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators...

CVE-2017-12947

classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators...

CVE-2017-12946

classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators...

Easy Modal <= 2.0.17 - Authenticated SQL Injection

This can only be exploited by a user who already has access to the admin with a valid nonce. During the security analysis, ThunderScan discovered SQL injection vulnerabilities in the Easy Modal WordPress Plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while bei...