Lucene search
K

3389 matches found

Nuclei
Nuclei
added yesterday31 views

Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection

The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.This makes ...

7.5CVSS7AI score0.46435EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday14 views

WordPress Popup Builder <= 4.2.3 - Unauthenticated Stored XSS

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. id: CVE-2023-6000 info: name: WordPress Popup Builder = 4.2.3 - Unauthenticated Stored XSS author: riteshs4...

6.1CVSS6.8AI score0.01999EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday75 views

Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users id: CVE-2022-0424 info: name: Popup by Supsystic 1.10.9 - Subscriber Email...

5.3CVSS6.2AI score0.02869EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday60 views

Popup Builder Plugin - SQL Injection and Cross-Site Scripting

The Popup Builder WordPress plugin before 4.1.1 is vulnerable to SQL Injection and Reflected XSS via the sgpb-subscription-popup-id parameter. id: CVE-2022-0479 info: name: Popup Builder Plugin - SQL Injection and Cross-Site Scripting author: ritikchaddha severity: critical description: | The Pop...

9.8CVSS7.1AI score0.4408EPSS
Exploits2
Nuclei
Nuclei
added yesterday166 views

Popup-Maker < 1.8.12 - Broken Authentication

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the doaction function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt aka the...

9.1CVSS7AI score0.0931EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday42 views

Popup Builder < 4.0.7 - SQL Injection

The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection. id: CVE-2022-0228 info: name: Popup Builder 4.0.7 -...

7.2CVSS7AI score0.05887EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday115 views

WordPress Popup Builder < 4.0.7 - Remote Code Execution

Popup Builder WordPress plugin before 4.0.7 contains a local file inclusion caused by unsanitized 'sgpbtype' parameter in require statement, letting attackers include arbitrary local files or execute code via wrappers like PHAR, exploit requires attacker to control 'sgpbtype' parameter. id:...

8.8CVSS7.2AI score0.05229EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday48 views

WP Popup Builder Popup Forms and Marketing Lead Generation <= 1.3.5 - Arbitrary Shortcode Execution

The The WP Popup Builder Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpajaxnoprivshortcodeApiAdd AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that...

9.8CVSS6.4AI score0.51316EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday58 views

Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect

The Oracle Applications Framework component of Oracle E-Business Suite subcomponent: Popup windows lists of values, datepicker, etc. is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers...

5.8CVSS6.5AI score0.14558EPSS
Exploits4References5
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-43153

The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the contextblogmodalpopup. This makes it possible for unauthenticated attackers to extract the content of password-protected posts...

5.3CVSS6.1AI score0.00239EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-6801 Context Blog <= 1.3.5 - Unauthenticated Sensitive Information Exposure via 'postID' Parameter

The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the contextblogmodalpopup. This makes it possible for unauthenticated attackers to extract the content of password-protected posts...

5.3CVSS0.00239EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-8848

The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.22.0. This is due to the plugin not properly verifying that a user is authorized to perform an...

7.2CVSS0.00659EPSS
Exploits0References12
CVE
CVE
added 5 days ago15 views

CVE-2026-8848

Technical details are not publicly available in the provided documents. Monitor for updates.

7.2CVSS6.2AI score0.00659EPSS
Exploits0References12
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-8848 Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder <= 1.22.0 - Missing Authorization to Authenticated (Editor+) Arbitrary Plugin Installation

The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.22.0. This is due to the plugin not properly verifying that a user is authorized to perform an...

7.2CVSS0.00659EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-8848

The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.22.0. This is due to the plugin not properly verifying that a user is authorized to perform an...

7.2CVSS6.2AI score0.00659EPSS
Exploits0References13
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42544

The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.22.0. This is due to the plugin not properly verifying that a user is authorized to perform an...

7.2CVSS6.2AI score0.00659EPSS
Exploits0References12
NVD
NVD
added 2026/07/02 12:17 p.m.7 views

CVE-2026-56037

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...

8.8CVSS0.00309EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:30 a.m.9 views

CVE-2026-56037

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 11:30 a.m.36 views

CVE-2026-56037 WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...

8.8CVSS0.00309EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:30 a.m.17 views

CVE-2026-56037

The CVE-2026-56037 affects Themify Popup (WordPress plugin) ≤ 1.4.3. It describes a Deserialization of Untrusted Data vulnerability that allows PHP Object Injection through deserialized data. The underlying issue is the ability to inject or manipulate objects via untrusted input, enabling high-ri...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References1
Rows per page
Query Builder