Lucene search
K

35 matches found

Nuclei
Nuclei
added yesterday11 views

WP Popups - Information Disclosure

WP Popups - WordPress Popup builder plugin for WordPress contains a full path disclosure caused by using mobiledetect without access restrictions, letting unauthenticated attackers retrieve server paths, exploit requires no specific conditions. id: CVE-2024-6555 info: name: WP Popups - Informatio...

5.3CVSS5.8AI score0.00927EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/24 3:18 p.m.7 views

CVE-2026-24616

Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through = 2.2.0.5...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 2:29 p.m.4 views

CVE-2026-24616 WordPress WP Popups plugin <= 2.2.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through = 2.2.0.5...

6.5CVSS5.1AI score0.00201EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 2:29 p.m.12 views

CVE-2026-24616

CVE-2026-24616 concerns WP Popups: WordPress Popup Builder (Damian WP Popups wp-popups-lite) with Missing Authorization affecting versions up to 2.2.0.3, reported as Broken Access Control. Connected Red Hat and CVE records confirm the issue affects WP Popups

6.5CVSS5.9AI score0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.7 views

PT-2026-4448

Name of the Vulnerable Software and Affected Versions Damian WP Popups versions through 2.2.0.3 Description An issue exists in Damian WP Popups wp-popups-lite related to incorrectly configured access control security levels, allowing for missing authorization. The issue allows exploitation of...

6.5CVSS5.3AI score0.00201EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-26144

Malicious code in bioql PyPI...

5.9CVSS8.6AI score0.00339EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-24094

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00444EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:0 a.m.9 views

CVE-2024-29105

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timersys WP Popups allows Stored XSS.This issue affects WP Popups: from n/a through 2.1.5.5...

5.9CVSS8.6AI score0.00339EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:13 a.m.23 views

CVE-2024-6555

The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to...

5.3CVSS6.5AI score0.00927EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:25 a.m.8 views

CVE-2022-4716

The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

5.4CVSS5.9AI score0.00471EPSS
Exploits2References1
NVD
NVD
added 2024/07/12 6:15 a.m.13 views

CVE-2024-6555

The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00927EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/12 5:32 a.m.31 views

CVE-2024-6555 WP Popups – WordPress Popup builder <= 2.2.0.1 - Unauthenticated Full Path Disclosure

The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00927EPSS
Exploits0References2
CVE
CVE
added 2024/07/12 5:32 a.m.50 views

CVE-2024-6555

CVE-2024-6555 affects the WP Popups – WordPress Popup builder plugin for WordPress (typically WP Popups Lite) up to version 2.2.0.1. The issue is a Full Path Disclosure caused by using mobiledetect without access restrictions, allowing unauthenticated attackers to retrieve server file paths. Expl...

5.3CVSS5.5AI score0.00927EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.13 views

WP Popups < 2.1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

5.9CVSS5.7AI score0.00339EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/03/19 4:15 p.m.10 views

CVE-2024-29105

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timersys WP Popups allows Stored XSS.This issue affects WP Popups: from n/a through 2.1.5.5...

5.9CVSS5.7AI score0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/19 3:39 p.m.16 views

CVE-2024-29105 WordPress WP Popups – WordPress Popup builder plugin <= 2.1.5.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timersys WP Popups allows Stored XSS.This issue affects WP Popups: from n/a through 2.1.5.5...

5.9CVSS5.9AI score0.00339EPSS
Exploits0References1
CVE
CVE
added 2024/03/19 3:39 p.m.57 views

CVE-2024-29105

CVE-2024-29105 is a Stored XSS vulnerability in WP Popups (Timed/Timersys Popups) that affects WP Popups versions up to 2.1.5.5. The description indicates improper neutralization of input during web page generation, enabling cross-site scripting. No explicit exploit details or active exploit stat...

5.9CVSS8.6AI score0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/19 3:39 p.m.15 views

CVE-2024-29105 WordPress WP Popups – WordPress Popup builder plugin <= 2.1.5.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timersys WP Popups allows Stored XSS.This issue affects WP Popups: from n/a through 2.1.5.5...

5.9CVSS6.7AI score0.00339EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/03/15 12:0 a.m.17 views

WordPress WP Popups Plugin <= 2.1.5.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Popups Type Plugin Vulnerable versions = 2.1.5.5 Fixed in 2.1.5.6 OWASP Top 10 A7: Identification and Authentication Failures Classification Cross Site Scripting XSS CVE CVE-2024-29105 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 35ef43496a84 Credits Huynh...

5.9CVSS6.3AI score0.00339EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/08 1:58 p.m.11 views

CVE-2023-1905 WP Popups < 2.1.5.1 - Contributor+ Stored XSS

The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.3AI score0.00444EPSS
Exploits2References1
Rows per page
Query Builder