Popup-Maker < 1.8.12 - Broken Authentication

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the doaction function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt aka the...

WordPress plugin WowOptin: Next-Gen Popup Maker 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2024-34770

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Popup Maker Popup Maker WP popup-maker-wp allows Stored XSS.This issue affects Popup Maker WP: from n/a through = 1.3.6...

CVE-2024-2336

The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

EUVD-2017-11467

Malware in sbrugna...

EUVD-2024-42394

Malicious code in bioql PyPI...

EUVD-2022-43049

Malicious code in bioql PyPI...

EUVD-2022-50357

Malicious code in bioql PyPI...

EUVD-2022-51712

Malicious code in bioql PyPI...

EUVD-2024-27290

Malicious code in bioql PyPI...

EUVD-2025-31215

Malicious code in bioql PyPI...

EUVD-2024-35040

Malicious code in bioql PyPI...

EUVD-2022-48673

Malicious code in bioql PyPI...

EUVD-2024-48053

Malicious code in bioql PyPI...

EUVD-2025-3935

Malicious code in bioql PyPI...

CVE-2025-9490

The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.20.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an...

CVE-2025-9490

The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.20.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an...

CVE-2025-9490 Popup Maker <= 1.20.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter

The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.20.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an...

CVE-2025-9490

The Popup Maker WordPress plugin (up to version 1.20.6) is exposed to a Stored Cross-Site Scripting vulnerability via the title parameter. It requires authentication with Contributor-level access or higher to inject scripts, which can execute when any user visits the page containing the injected ...

CVE-2025-9490 Popup Maker <= 1.20.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter

The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.20.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an...