5 matches found
CVE-2026-2420
The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2026-2420
The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2023-25463
Cross-Site Request Forgery CSRF vulnerability in Gopi Ramasamy WP tell a friend popup form plugin = 7.1 versions...
CVE-2023-44230
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Popup contact form plugin = 7.1 versions...
CVE-2021-24718
Affected software: ARForms Form Builder plugin for WordPress (versions < 1.5). Vulnerability: Stored Cross-Site Scripting (XSS) due to improper sanitization of certain settings, enabling high-privilege users to inject scripts even when unfiltered_html is disallowed. Impact: Cross-site scriptin...