Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
popup vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-10196
An XSS vulnerability in the popup-builder plugin prior to 3.64.1 for WordPress allows remote malicious users to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated malicious user to insert ma...
Sygnoos Popup-builder
6.1
CVSSv3
CVE-2021-24152
The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting.
Sygnoos Popup Builder
6.1
CVSSv3
CVE-2023-6000
The Popup Builder WordPress plugin prior to 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.
Sygnoos Popup Builder
1 Article
5.4
CVSSv3
CVE-2021-24883
The Popup Anything WordPress plugin prior to 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks
Essentialplugin Popup Anything
8.8
CVSSv3
CVE-2019-15867
The slick-popup plugin prior to 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action.
Omaksolutions Slick-popup
4.8
CVSSv3
CVE-2023-3226
The Popup Builder WordPress plugin prior to 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisit...
Sygnoos Popup Builder
4.3
CVSSv3
CVE-2017-20065
A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
Supsystic Popup 1.7.6
4.8
CVSSv3
CVE-2023-46824
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin <= 1.7.14 versions.
Omaksolutions Slick Popup
6.3
CVSSv3
CVE-2020-10195
The popup-builder plugin prior to 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attac...
Sygnoos Popup-builder
5.4
CVSSv3
CVE-2023-23641
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPmanage Uji Popup plugin <= 1.4.3 versions.
Wpmanage Uji Popup
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »