Popup Box Security Vulnerabilities and Issues — Popup Box CVE List

cve

CVE-2023-27414

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions.

7.1CVSS

6AI Score

0.0005EPSS

2023-06-21 02:15 PM

18

cve

CVE-2023-4390

The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).

4.8CVSS

4.9AI Score

0.0004EPSS

2023-10-31 02:15 PM

18

cve

CVE-2023-5343

The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

4.8CVSS

4.8AI Score

0.0004EPSS

2023-11-20 07:15 PM

26

cve

CVE-2023-5809

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8CVSS

4.7AI Score

0.0004EPSS

2023-12-04 10:15 PM

12

cve

CVE-2023-5874

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8CVSS

4.7AI Score

0.0004EPSS

2023-12-04 10:15 PM

15

Popup Box Security Vulnerabilities - 2023