CVE-2021-33326

Cross-site scripting XSS vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the title of a modal window...

WordPress Ocean Modal Window plugin < 2.3.3 - Editor+ Remote Code Execution vulnerability

Editor+ Remote Code Execution vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin Ocean Modal Window versions 2.3.3...

CVE-2025-13307

The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set editpages capability. The conditions are then executed as part of an eval...

EUVD-2025-204450

The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set editpages capability. The conditions are then executed as part of an eval...

CVE-2025-13307 Ocean Modal Window < 2.3.3 - Editor+ Remote Code Execution via Modal Conditions

The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set editpages capability. The conditions are then executed as part of an eval...

CVE-2025-13307 Ocean Modal Window < 2.3.3 - Editor+ Remote Code Execution via Modal Conditions

The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set editpages capability. The conditions are then executed as part of an eval...

CVE-2025-13307

CVE-2025-13307 affects the Ocean Modal Window WordPress plugin (versions before 2.3.3). The vulnerability arises from modal display logic that can be triggered by user-controlled conditions set by Editors/Administrators (edit_pages capability). These conditions are evaluated in an eval statement ...

PT-2025-52413

Name of the Vulnerable Software and Affected Versions Ocean Modal Window WordPress plugin versions prior to 2.3.3 Description The Ocean Modal Window WordPress plugin is affected by a Remote Code Execution issue. The issue is related to the modal display logic, where user-controlled conditions set...

WordPress plugin Ocean Modal Window 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost version 5.13.0 and earlier, which stems from improper modal window management, and could allow an attacker to deny users access to a desktop application by...

EUVD-2021-11963

Malware in sbrugna...

EUVD-2024-27406

Malicious code in bioql PyPI...

EUVD-2025-3909

Malicious code in bioql PyPI...

EUVD-2023-57498

Malicious code in bioql PyPI...

EUVD-2024-40235

Malicious code in bioql PyPI...

CVE-2025-24717

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Modal Window modal-window allows Cross Site Request Forgery.This issue affects Modal Window: from n/a through = 6.1.4...

CVE-2024-43346

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3...

CVE-2024-3472

The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack...

CVE-2025-0897

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2025-0897

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...