Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ays-pro popup box vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5809
The Popup box WordPress plugin prior to 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite se...
Ays-pro Popup Box
NA
CVE-2023-5343
The Popup box WordPress plugin prior to 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Ays-pro Popup Box
NA
CVE-2023-4390
The Popup box WordPress plugin prior to 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
Ays-pro Popup Box
6.5
CVSSv2
CVE-2021-24460
The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin prior to 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin d...
Ays-pro Popup Box
6.5
CVSSv2
CVE-2021-24458
The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin prior to 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the ad...
Ays-pro Popup Box
NA
CVE-2023-5874
The Popup box WordPress plugin prior to 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite se...
Ays-pro Popup Box
NA
CVE-2023-27414
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions.
Ays-pro Popup Box
4.3
CVSSv2
CVE-2022-0641
The Popup Like box WordPress plugin prior to 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Ays-pro Popup Like Box
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started