CVE-2026-24616 WordPress WP Popups plugin <= 2.2.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through = 2.2.0.5...

EUVD-2023-24094

Malicious code in bioql PyPI...

CVE-2024-6555

The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to...

CVE-2024-6555 WP Popups – WordPress Popup builder <= 2.2.0.1 - Unauthenticated Full Path Disclosure

The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to...

CVE-2024-6555

CVE-2024-6555 affects the WP Popups – WordPress Popup builder plugin for WordPress (typically WP Popups Lite) up to version 2.2.0.1. The issue is a Full Path Disclosure caused by using mobiledetect without access restrictions, allowing unauthenticated attackers to retrieve server file paths. Expl...

WP Popups < 2.1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVE-2024-29105

CVE-2024-29105 is a Stored XSS vulnerability in WP Popups (Timed/Timersys Popups) that affects WP Popups versions up to 2.1.5.5. The description indicates improper neutralization of input during web page generation, enabling cross-site scripting. No explicit exploit details or active exploit stat...

CVE-2024-29105 WordPress WP Popups – WordPress Popup builder plugin <= 2.1.5.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timersys WP Popups allows Stored XSS.This issue affects WP Popups: from n/a through 2.1.5.5...

WordPress WP Popups Plugin <= 2.1.5.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Popups Type Plugin Vulnerable versions = 2.1.5.5 Fixed in 2.1.5.6 OWASP Top 10 A7: Identification and Authentication Failures Classification Cross Site Scripting XSS CVE CVE-2024-29105 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 35ef43496a84 Credits Huynh...

CVE-2023-1905

The CVE-2023-1905 vuln concerns the WP Popups WordPress plugin prior to version 2.1.5.1. The issue is an insufficient escape of the href attribute for the spu-facebook-page shortcode, leading to potential Stored XSS for users with the contributor role or higher when the shortcode is embedded in a...

CVE-2023-1905 WP Popups < 2.1.5.1 - Contributor+ Stored XSS

The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

WP Popups < 2.1.5.1 - Contributor+ Stored XSS

The plugin does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficie...

WP Popups < 2.1.5.1 - Contributor+ Stored XSS

The plugin does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficie...

CVE-2023-24003

CVE-2023-24003 affects the WP Popups WordPress plugin, specifically versions

CVE-2022-4716

The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

CVE-2022-4716 WP Popups < 2.1.4.8 - Contributor+ Stored XSS

The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

CVE-2022-4716

The CVE-2022-4716 issue affects the WP Popups WordPress plugin prior to version 2.1.4.8. The root cause is that the plugin does not validate and escape certain shortcode attributes before outputting them, enabling Stored Cross-Site Scripting (Stored XSS) where low-privilege users (as low as Contr...

CVE-2022-4716 WP Popups < 2.1.4.8 - Contributor+ Stored XSS

The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

WordPress WP Popups Plugin <= 2.1.4.8 is vulnerable to Cross Site Scripting (XSS)

Software WP Popups Type Plugin Vulnerable versions = 2.1.4.8 Fixed in 2.1.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24003 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 67ff2b51dbe7 Credits Rafshanzani Suhada Requir...

WordPress plugin WP Popups 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...