10 matches found
CVE-2026-32367 WordPress Modal Dialog plugin <= 3.5.16 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion.This issue affects Modal Dialog: from n/a through = 3.5.16...
CVE-2025-54683
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Astoundify WP Modal Popup with Cookie Integration wp-modal-popup-with-cookie-integration allows Reflected XSS.This issue affects WP Modal Popup with Cookie Integration: from n/a through = 2.4...
CVE-2025-54683 WordPress WP Modal Popup with Cookie Integration Plugin plugin <= 2.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Astoundify WP Modal Popup with Cookie Integration wp-modal-popup-with-cookie-integration allows Reflected XSS.This issue affects WP Modal Popup with Cookie Integration: from n/a through = 2.4...
CVE-2024-3472
The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack...
CVE-2025-39469 WordPress Modal Survey plugin <= 2.0.2.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pantherius Modal Survey allows Reflected XSS.This issue affects Modal Survey: from n/a through 2.0.2.0.1...
WordPress Modal 1.5.8 Code Execution / Denial of Service
WordPress Modal plugin versions 1.5.8 and below suffer from remote code execution and denial of service vulnerabilities due to unsafe deserialization. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title Wordpress Modal Popup Box Plugin - Multiple Vulnerabilities...
CVE-2023-5161
The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-lev...
CVE-2023-24001 WordPress Modal Dialog Plugin <= 3.5.9 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Yannick Lefebvre Modal Dialog plugin = 3.5.9 versions...
WordPress Modal Dialog Plugin <= 3.5.9 is vulnerable to Cross Site Scripting (XSS)
Software Modal Dialog Type Plugin Vulnerable versions = 3.5.9 Fixed in 3.5.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24001 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9eee5fac62a6 Credits Rio Darmawan Required...
WordPress Modal Window plugin <= 5.2.1 - Remote File Inclusion (RFI) leading to Remote Code Execution (RCE) via CSRF vulnerability
Remote File Inclusion RFI leading to Remote Code Execution RCE via CSRF vulnerability discovered by Krzysztof Zając in WordPress Modal Window plugin versions = 5.2.1. Solution Update the WordPress Modal Window plugin to the latest available version at least 5.2.2...