The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting.
6.1CVSS
6.2AI Score
0.001EPSS
Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress.
8.8CVSS
8.7AI Score
0.001EPSS
Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with mi...
6.5CVSS
6.4AI Score
EPSS
Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauth...
4.3CVSS
4.7AI Score
0.001EPSS
The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.
4.8CVSS
6.3AI Score
0.0004EPSS