Lucene search
K

4 matches found

NVD
NVD
added 2025/12/13 4:16 p.m.6 views

CVE-2025-14395

The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions e.g., popsubmit, popthemesubmit in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with subscriber-lev...

4.3CVSS0.00158EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:6 a.m.5 views

CVE-2024-11751

The TCBD Popover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd-popover-image ' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00351EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/14 4:23 a.m.6 views

CVE-2024-11751 TCBD Popover <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The TCBD Popover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd-popover-image ' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00351EPSS
Exploits0References5
OSV
OSV
added 2019/02/22 8:54 p.m.5 views

GHSA-9V3M-8FP8-MJ99 Bootstrap Vulnerable to Cross-Site Scripting

Versions of bootstrap prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting XSS. The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. Recommendation For bootstrap 4.x upgrade to...

6.1CVSS6.9AI score0.1686EPSS
Exploits1References45
Rows per page
Query Builder