Popup Box Security Vulnerabilities and Issues — Popup Box CVE List

Lucene search

Ays-proPopup Box

4 matches found

CVE•added 2024/02/12 4:15 p.m.•74 views

CVE-2023-6591

The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.8CVSS5.8AI score0.00195EPSS

CVE•added 2024/05/02 6:15 a.m.•66 views

CVE-2024-3477

The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks

4.3CVSS6.7AI score0.00139EPSS

CVE•added 2024/05/02 5:15 p.m.•50 views

CVE-2024-3897

The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all ...

5.3CVSS6.5AI score0.00479EPSS

CVE•added 2024/11/16 3:15 a.m.•24 views

CVE-2024-10861

The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 4.9.7. This makes it possible for unauthent...

5.3CVSS5.2AI score0.00083EPSS