Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
popup vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-4808
The WP Post Popup WordPress plugin up to and including 3.7.3 does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
Allurewebsolutions Wp Post Popup
6.1
CVSSv3
CVE-2023-30489
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Email Subscription Popup plugin <= 1.2.16 versions.
I13websolution Email Subscription Popup
5.4
CVSSv3
CVE-2023-4962
The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe...
Wp-plugins Video Popup
4.8
CVSSv3
CVE-2023-4390
The Popup box WordPress plugin prior to 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
Ays-pro Popup Box
8.8
CVSSv3
CVE-2021-24460
The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin prior to 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin d...
Ays-pro Popup Box
4.8
CVSSv3
CVE-2023-24006
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Software LLC WP Terms Popup plugin <= 2.6.0 versions.
Linksoftwarellc Wp Terms Popup
8.8
CVSSv3
CVE-2021-24458
The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin prior to 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the ad...
Ays-pro Popup Box
6.1
CVSSv3
CVE-2023-34174
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BBS e-Theme BBS e-Popup plugin <= 2.4.5 versions.
Bbsetheme Bbs E-popup
4.8
CVSSv3
CVE-2023-44228
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <= 8.1 versions.
Gopiplus Onclick Show Popup
4.8
CVSSv3
CVE-2023-44230
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions.
Gopiplus Popup Contact Form
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »