Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
popup vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-2404
The WP Popup Builder WordPress plugin prior to 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Themehunk Wp Popup Builder
383
VMScore
CVE-2021-34658
The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/simple-popup-newsletter.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1....
Keszites Simple Popup Newsletter
NA
CVE-2023-5809
The Popup box WordPress plugin prior to 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite se...
Ays-pro Popup Box
NA
CVE-2022-4362
The Popup Maker WordPress plugin prior to 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Code-atlantic Popup Maker
NA
CVE-2022-47597
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Popup Maker Popup Maker – Popup for opt-ins, lead gen, & more.This issue affects Popup Maker – Popup for opt-ins, lead gen, & more: from n/a up to and including 1.17.1.
Code-atlantic Popup Maker
NA
CVE-2020-36715
The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated malicious users to inject arbitrary web scripts into the plugin ...
Xootix Login\\/signup Popup
570
VMScore
CVE-2019-17574
An issue exists in the Popup Maker plugin prior to 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-inf...
Code-atlantic Popup Maker
NA
CVE-2023-6527
The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malici...
I13websolution Email Subscription Popup
NA
CVE-2023-6555
The Email Subscription Popup WordPress plugin prior to 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
I13websolution Email Subscription Popup
NA
CVE-2023-5343
The Popup box WordPress plugin prior to 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Ays-pro Popup Box
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »