3 matches found
CVE-2022-2115
CVE-2022-2115 affects the WordPress plugin Popup Anything, where versions before 2.1.7 do not sanitize or escape a parameter before echoing it on a frontend page, enabling reflected XSS. The root cause is improper input handling in output rendering (frontend page). Exploitation guidance is availa...
CVE-2022-38077
CVE-2022-38077 is a CSRF vulnerability affecting the WP OnlineSupport / Popup Anything plugin for WordPress, in versions ≤ 2.2.1. The issue permits unauthorized cross-site requests that can be executed by an attacker due to unauthenticated access requirements. A fix has been released: upgrade to ...
CVE-2021-24883
The CVE-2021-24883 entry concern is confirmed by multiple connected sources: the WordPress Popup Anything plugin (versions up to and including 2.0.3) fails to escape the Link Text and Button Text fields in Popup, causing a Stored Cross-Site Scripting (XSS) vulnerability. The issue can be exploite...