Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
popup vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2022-0424
The Popup by Supsystic WordPress plugin prior to 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated malicious users to call it and get the email addresses of subscribed users
Supsystic Popup
NA
CVE-2023-0924
The ZYREX POPUP WordPress plugin up to and including 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multi...
Zyrex Popup
NA
CVE-2023-3186
The Popup by Supsystic WordPress plugin prior to 1.10.19 has a prototype pollution vulnerability that could allow an malicious user to inject arbitrary properties into Object.prototype.
Supsystic Popup
6.8
CVSSv2
CVE-2016-10915
The popup-by-supsystic plugin prior to 1.7.9 for WordPress has CSRF.
Supsystic Popup
4.3
CVSSv2
CVE-2021-24275
The Popup by Supsystic WordPress plugin prior to 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
Supsystic Popup
NA
CVE-2023-46824
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin <= 1.7.14 versions.
Omaksolutions Slick Popup
7.5
CVSSv2
CVE-2022-0479
The Popup Builder WordPress plugin prior to 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site ...
Sygnoos Popup Builder
NA
CVE-2023-23641
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPmanage Uji Popup plugin <= 1.4.3 versions.
Wpmanage Uji Popup
NA
CVE-2022-38077
Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions.
Essentialplugin Popup Anything
NA
CVE-2022-2115
The Popup Anything WordPress plugin prior to 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting
Essentialplugin Popup Anything
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »