Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
popup vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-4362
The Popup Maker WordPress plugin prior to 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Code-atlantic Popup Maker
5.4
CVSSv3
CVE-2022-4381
The Popup Maker WordPress plugin prior to 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Code-atlantic Popup Maker
4.8
CVSSv3
CVE-2022-47610
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mr Digital Simple Image Popup plugin <= 1.3.6 versions.
Mrdigital Simple Image Popup
4.6
CVSSv3
CVE-2020-36715
The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated malicious users to inject arbitrary web scripts into the plugin ...
Xootix Login\\/signup Popup
7.2
CVSSv3
CVE-2022-29445
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress.
Wow-estore Popup Box
6.1
CVSSv3
CVE-2021-34658
The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/simple-popup-newsletter.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1....
Keszites Simple Popup Newsletter
4.8
CVSSv3
CVE-2023-24006
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Software LLC WP Terms Popup plugin <= 2.6.0 versions.
Linksoftwarellc Wp Terms Popup
6.1
CVSSv3
CVE-2022-2404
The WP Popup Builder WordPress plugin prior to 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Themehunk Wp Popup Builder
4.8
CVSSv3
CVE-2022-3690
The Popup Maker WordPress plugin prior to 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins
Code-atlantic Popup Maker
4.8
CVSSv3
CVE-2023-4808
The WP Post Popup WordPress plugin up to and including 3.7.3 does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
Allurewebsolutions Wp Post Popup
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »