CVE-2025-50027
- EPSS 0.05%
- Veröffentlicht 20.06.2025 15:15:29
- Zuletzt bearbeitet 15.04.2026 00:35:42
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xootix Login/Signup Popup easy-login-woocommerce allows Stored XSS.This issue affects Login/Signup Popup: from n/a through <= 2.9.4.
CVE-2025-1064
- EPSS 0.11%
- Veröffentlicht 20.02.2025 09:15:09
- Zuletzt bearbeitet 25.02.2025 20:41:01
The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xoo_el_action shortcode in all versions up to, and including, 2.8.5 due to insufficient input sanitization and out...
CVE-2024-5665
- EPSS 0.24%
- Veröffentlicht 06.06.2024 08:15:40
- Zuletzt bearbeitet 21.11.2024 09:48:07
The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘export_settings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenti...
CVE-2022-0215
- EPSS 0.32%
- Veröffentlicht 18.01.2022 17:15:10
- Zuletzt bearbeitet 21.11.2024 06:38:09
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/ad...