Lucene search
K

5 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/06/23 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-17574

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the doaction function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt...

9.1CVSS5.8AI score0.09232EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/06/03 11:22 a.m.16 views

CVE-2025-4205 Popup Maker <= 1.20.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via popupID Parameter

The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popupID' parameter in all versions up to, and including, 1.20.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS0.00238EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 11:59 a.m.8 views

CVE-2025-24746

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Iser Popup Maker popup-maker allows Stored XSS.This issue affects Popup Maker: from n/a through = 1.20.2...

6.5CVSS7.2AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:19 a.m.8 views

CVE-2024-10583

The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘posttitle’ parameter in all versions up to, and including, 1.20.2 due to insufficient input sanitization and output...

5.4CVSS5.8AI score0.00292EPSS
Exploits0References1
OSV
OSV
added 2024/11/01 3:15 p.m.7 views

CVE-2024-47358

Missing Authorization vulnerability in Popup Maker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Popup Maker: from n/a through 1.19.2...

9.8CVSS6.8AI score
Exploits0References1
Rows per page
Query Builder