35 matches found
WP Popups - Information Disclosure
WP Popups - WordPress Popup builder plugin for WordPress contains a full path disclosure caused by using mobiledetect without access restrictions, letting unauthenticated attackers retrieve server paths; exploitation requires no specific conditions. id: CVE-2024-6555 info: name: WP Popups - Informatio...
CVE-2026-24616
Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Popups: from n/a through <= 2.2.0.5...
CVE-2026-24616 WordPress WP Popups plugin <= 2.2.0.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Popups: from n/a through <= 2.2.0.5...
CVE-2026-24616
CVE-2026-24616 concerns WP Popups: WordPress Popup Builder (Damian WP Popups wp-popups-lite) with Missing Authorization affecting versions up to 2.2.0.3, reported as Broken Access Control. Connected Red Hat and CVE records confirm the issue affects WP Popups
PT-2026-4448
Name of the Vulnerable Software and Affected Versions: Damian WP Popups versions through 2.2.0.3. Description: An issue exists in Damian WP Popups wp-popups-lite related to incorrectly configured access control security levels, allowing for missing authorization. The issue allows exploitation of...
EUVD-2024-26144
Malicious code in bioql PyPI...
EUVD-2023-24094
Malicious code in bioql PyPI...
CVE-2024-29105
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timersys WP Popups allows Stored XSS. This issue affects WP Popups: from n/a through 2.1.5.5...
CVE-2024-6555
The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. This is due to the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to...
CVE-2022-4716
The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege...
CVE-2024-6555 WP Popups – WordPress Popup builder <= 2.2.0.1 - Unauthenticated Full Path Disclosure
The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. This is due to the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to...
CVE-2024-6555
CVE-2024-6555 affects the WP Popups – WordPress Popup builder plugin for WordPress (typically WP Popups Lite) up to version 2.2.0.1. The issue is a Full Path Disclosure caused by using mobiledetect without access restrictions, allowing unauthenticated attackers to retrieve server file paths. Expl...
WP Popups < 2.1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description: The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2024-29105 WordPress WP Popups – WordPress Popup builder plugin <= 2.1.5.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timersys WP Popups allows Stored XSS. This issue affects WP Popups: from n/a through 2.1.5.5...
CVE-2024-29105
CVE-2024-29105 is a Stored XSS vulnerability in WP Popups (Timed/Timersys Popups) that affects WP Popups versions up to 2.1.5.5. The description indicates improper neutralization of input during web page generation, enabling cross-site scripting. No explicit exploit details or active exploit stat...
WordPress WP Popups Plugin <= 2.1.5.5 is vulnerable to Cross Site Scripting (XSS)
Software: WP Popups; Type: Plugin; Vulnerable versions: <= 2.1.5.5; Fixed in: 2.1.5.6; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Cross Site Scripting XSS; CVE: CVE-2024-29105; Patch priority: Low; CVSS severity: Low 5.9; PSID: 35ef43496a84; Credits: Huynh...
CVE-2023-1905 WP Popups < 2.1.5.1 - Contributor+ Stored XSS
The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...