CVE-2026-32495

CVE-2026-32495 is a Missing Authorization vulnerability impacting the WP Terms Popup (WP Terms Popup) WordPress plugin, affecting versions from unknown up to and including 2.10.0. The root cause is an incorrectly configured access control security level (Missing Authorization), which can allow an...

CVE-2026-32495 WordPress WP Terms Popup plugin <= 2.10.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through = 2.10.0...

WordPress Simple Popup Plugin plugin <= 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Simple Popup versions = 4.5...

CVE-2026-24616

CVE-2026-24616 concerns WP Popups: WordPress Popup Builder (Damian WP Popups wp-popups-lite) with Missing Authorization affecting versions up to 2.2.0.3, reported as Broken Access Control. Connected Red Hat and CVE records confirm the issue affects WP Popups

CVE-2025-49912

CVE-2025-49912 affects the WordPress Email Subscription Popup (plugin: email-subscribe) with versions up to 1.2.26. The vulnerability is due to improper input neutralization during web page generation, enabling Stored XSS. Impact is Stored XSS on affected pages; exploitation requires user interac...

EUVD-2014-9340

Malware in sbrugna...

EUVD-2017-11072

Malware in sbrugna...

EUVD-2015-1105

Malware in sbrugna...

EUVD-2019-6778

Malware in sbrugna...

EUVD-2023-28462

Malicious code in bioql PyPI...

EUVD-2023-50990

Malicious code in bioql PyPI...

EUVD-2023-35114

Malicious code in bioql PyPI...

EUVD-2023-38274

Malicious code in bioql PyPI...

EUVD-2022-34577

Malicious code in bioql PyPI...

EUVD-2023-28450

Malicious code in bioql PyPI...

CVE-2024-3276

The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...

CVE-2024-5665

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘exportsettings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2024-0844

The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute...

CVE-2024-11427

The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catch-popup' shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-30750

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10...