Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
popup vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2016-10915
The popup-by-supsystic plugin prior to 1.7.9 for WordPress has CSRF.
Supsystic Popup
NA
CVE-2023-3186
The Popup by Supsystic WordPress plugin prior to 1.10.19 has a prototype pollution vulnerability that could allow an malicious user to inject arbitrary properties into Object.prototype.
Supsystic Popup
383
VMScore
CVE-2021-24275
The Popup by Supsystic WordPress plugin prior to 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
Supsystic Popup
445
VMScore
CVE-2022-0424
The Popup by Supsystic WordPress plugin prior to 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated malicious users to call it and get the email addresses of subscribed users
Supsystic Popup
NA
CVE-2023-0924
The ZYREX POPUP WordPress plugin up to and including 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multi...
Zyrex Popup
312
VMScore
CVE-2022-1894
The Popup Builder WordPress plugin prior to 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltred_html is disallowed
Sygnoos Popup Builder
NA
CVE-2022-29495
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an malicious user to update plugin settings.
Sygnoos Popup Builder
668
VMScore
CVE-2022-0479
The Popup Builder WordPress plugin prior to 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site ...
Sygnoos Popup Builder
383
VMScore
CVE-2021-24152
The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting.
Sygnoos Popup Builder
NA
CVE-2023-30750
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a up to and including 1.5.10.
Cminds Cm Popup
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »