Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Snyk
Snykadded 2026/05/06 11:24 a.m.5 views

Cross-site Scripting (XSS)

Overview org.apache.wicket:wicket-core is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing an...

7.2CVSS5.7AI score0.00357EPSS
Exploits0References2
Snyk
Snykadded 2026/05/06 11:24 a.m.7 views

Cross-site Scripting (XSS)

Overview org.apache.wicket:wicket-extensions is a rich component library for the Wicket framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper neutralization of JavaScript in PopupSettings.java‎, Link.java, and ExternalLink.java markup. An attacker ca...

7.2CVSS5.7AI score0.00357EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/01/07 9:16 a.m.6 views

CVE-2025-11370

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the...

5.3CVSS5.3AI score0.00235EPSS
Exploits0References1
NVD
NVDadded 2026/01/06 4:15 a.m.13 views

CVE-2025-11370

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the...

5.3CVSS0.00235EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/01/06 3:21 a.m.34 views

CVE-2025-11370 Depicter <= 4.0.7 - Missing Authorization to Unauthenticated Display Rule Updates

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the...

5.3CVSS0.00235EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/01/06 3:21 a.m.3 views

CVE-2025-11370 Depicter <= 4.0.7 - Missing Authorization to Unauthenticated Display Rule Updates

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the...

5.3CVSS5AI score0.00235EPSS
Exploits0References4
wpexploit
wpexploitadded 2023/11/13 12:0 a.m.154 views

Popup box < 3.8.6 - Admin+ Stored XSS in Popup Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a new Popup 2. In the "Popups...

4.8CVSS6AI score0.0045EPSS
Exploits2
wpexploit
wpexploitadded 2022/04/12 12:0 a.m.398 views

Popup Maker < 1.16.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Popup Maker Create Popup Popup Settings Triggers Add New Cookie Add Cookie...

4.8CVSS0.2AI score0.539EPSS
Exploits2
Rows per page
Query Builder