Lucene search
K
Code-atlanticPopup Maker

14 matches found

CVE
CVE
added 2019/10/14 1:55 p.m.164 views

CVE-2019-17574

The CVE concerns the WordPress Popup Maker plugin prior to version 1.8.13. An unauthenticated attacker can partially control the arguments passed to the do_action function to invoke certain popmake_ or pum_ methods, demonstrated by manipulation of the popmake-system-info.txt “support debug text f...

9.1CVSS9.1AI score0.09232EPSS
Web
CVE
CVE
added 2024/11/01 2:17 p.m.94 views

CVE-2024-47358

CVE-2024-47358 is a Broken Access Control vulnerability in WordPress Popup Maker plugin versions up to 1.19.2, enabling unauthenticated access to functionality constrained by ACLs. Patchstack confirms vulnerable range <= 1.19.2 and fixes applied in 1.20.0. The CVE entry centers on missing auth...

9.8CVSS5.9AI score0.00403EPSS
CVE
CVE
added 2022/05/09 4:50 p.m.88 views

CVE-2022-1104

CVE-2022-1104 affects the WordPress Popup Maker plugin (pre-1.16.5). The vulnerability arises from insufficient sanitisation/escaping of certain Popup settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Connected advisorie...

4.8CVSS4.6AI score0.55784EPSS
CVE
CVE
added 2022/11/21 12:0 a.m.81 views

CVE-2022-3690

CVE-2022-3690 affects the WordPress Popup Maker plugin for versions prior to 1.16.11. The issue is a stored XSS vulnerability caused by not sanitising and escaping certain popup options, allowing a user with Contributor+ privileges to inject code that could affect admins. Exploitation details and...

5.5CVSS4.8AI score0.00622EPSS
CVE
CVE
added 2017/08/02 4:0 p.m.76 views

CVE-2017-2284

CVE-2017-2284 affects the WordPress Popup Maker plugin. A cross-site scripting vulnerability exists in Popup Maker prior to version 1.6.5. The public details describe a reflected/unspecified-XSS risk that could allow injection of arbitrary scripts in pages processed by the plugin, potentially aff...

6.1CVSS6AI score0.01634EPSS
CVE
CVE
added 2024/04/09 6:58 p.m.73 views

CVE-2024-2336

CVE-2024-2336 affects the WordPress plugin Popup Maker – Popup for opt-ins, lead gen, & more. All versions up to 1.18.2 are vulnerable to Stored Cross‑Site Scripting via shortcode attributes due to insufficient input sanitization/output escaping. Exploitation requires contributor‑level privileges...

6.4CVSS6AI score0.0034EPSS
CVE
CVE
added 2025/01/24 5:25 p.m.73 views

CVE-2025-24746

CVE-2025-24746 is a stored Cross-Site Scripting vulnerability in the WordPress plugin Popup Maker (versions

6.5CVSS7.2AI score0.00296EPSS
CVE
CVE
added 2023/01/02 9:49 p.m.69 views

CVE-2022-4381

CVE-2022-4381 affects the WordPress plugin Popup Maker prior to version 1.16.9. The root cause is failure to validate and escape a shortcode attribute, enabling Stored Cross-Site Scripting (XSS) where users with as low as contributor role can inject scripts. This yields potential for stored paylo...

5.4CVSS5.2AI score0.00534EPSS
CVE
CVE
added 2023/01/02 9:49 p.m.64 views

CVE-2022-4362

CVE-2022-4362 affects the Popup Maker WordPress plugin prior to 1.16.9. The root cause is failure to validate and escape one shortcode attribute, enabling Stored XSS for users with as low as contributor. Impact per sources: potential Stored XSS with confidentiality/integrity impact, CVSSv3.1 base...

5.4CVSS5.2AI score0.00562EPSS
CVE
CVE
added 2024/12/12 6:46 a.m.64 views

CVE-2024-10583

CVE-2024-10583 : The Popup Maker – Boost Sales, Conversions, Optins, Subscribers (WordPress) is vulnerable to Stored XSS via the post_title parameter in all versions up to 1.20.2 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (Contributor le...

5.4CVSS5.1AI score0.00292EPSS
CVE
CVE
added 2024/08/20 10:58 a.m.61 views

CVE-2024-7054

CVE-2024-7054 affects the Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress. It is a Stored Cross-Site Scripting (XSS) vulnerability in the close_text parameter, exploitable in all versions up to and including 1.19.0 due to insuff...

6.4CVSS5.7AI score0.00289EPSS
CVE
CVE
added 2024/12/13 2:22 p.m.51 views

CVE-2022-45819

CVE-2022-45819 affects the WordPress Popup Maker plugin up to version 1.17.1. Root cause: broken access control due to missing authorization checks. Impact: potential missing authorization could lead to unauthorized access to plugin functionality (low-severity, CVSSv3.1 base score 3.5). Exploitat...

3.5CVSS5.1AI score0.00401EPSS
CVE
CVE
added 2024/09/09 6:0 a.m.47 views

CVE-2024-5561

CVE-2024-5561 affects the Popup Maker WordPress plugin (pre-1.19.1). The issue arises because the plugin does not sanitize and escape certain settings, enabling stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multisite). Red Hat and OSV entri...

4.8CVSS4.9AI score0.0044EPSS
CVE
CVE
added 2023/12/20 5:46 p.m.44 views

CVE-2022-47597

The CVE-2022-47597 entry affects the WordPress plugin Popup Maker (Popup for opt-ins, lead gen, & more) up to version 1.17.1. Multiple sources confirm an information disclosure vulnerability where sensitive data could be exposed to unauthenticated actors. NVD scores it CVSS v3.1 at 7.5 (High) wit...

7.5CVSS7.7AI score0.00612EPSS