CVE-2024-6555
- EPSS 8.25%
- Veröffentlicht 12.07.2024 06:15:05
- Zuletzt bearbeitet 21.11.2024 09:49:52
The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes ...
CVE-2024-29105
- EPSS 0.06%
- Veröffentlicht 19.03.2024 16:15:14
- Zuletzt bearbeitet 21.11.2024 09:07:33
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timersys WP Popups allows Stored XSS.This issue affects WP Popups: from n/a through 2.1.5.5.
CVE-2023-1905
- EPSS 0.14%
- Veröffentlicht 08.05.2023 14:15:13
- Zuletzt bearbeitet 29.01.2025 16:15:32
The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and ...
CVE-2023-24003
- EPSS 0.1%
- Veröffentlicht 06.04.2023 09:15:07
- Zuletzt bearbeitet 21.11.2024 07:47:14
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Timersys WP Popups – WordPress Popup plugin <= 2.1.4.8 versions.
CVE-2022-4716
- EPSS 0.2%
- Veröffentlicht 23.01.2023 15:15:16
- Zuletzt bearbeitet 02.04.2025 16:15:28
The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting atta...