Ays-pro

Popup Box

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-57931

  • EPSS 0.02%
  • Veröffentlicht 29.10.2025 04:15:52
  • Zuletzt bearbeitet 30.10.2025 15:05:32

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through 5.5.4.

5.4

CVE-2024-9599

Exploit
  • EPSS 0.03%
  • Veröffentlicht 15.05.2025 20:16:00
  • Zuletzt bearbeitet 04.06.2025 20:06:33

The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

5.3

CVE-2024-10861

  • EPSS 0.26%
  • Veröffentlicht 16.11.2024 03:15:14
  • Zuletzt bearbeitet 18.11.2024 17:11:17

The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and inclu...

5.3

CVE-2024-3897

  • EPSS 0.49%
  • Veröffentlicht 02.05.2024 17:15:32
  • Zuletzt bearbeitet 21.11.2024 09:30:39

The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This makes it possibl...

4.8

CVE-2023-6591

Exploit
  • EPSS 0.2%
  • Veröffentlicht 12.02.2024 16:15:08
  • Zuletzt bearbeitet 21.11.2024 08:44:09

The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.8

CVE-2023-5809

Exploit
  • EPSS 0.2%
  • Veröffentlicht 04.12.2023 22:15:07
  • Zuletzt bearbeitet 21.11.2024 08:42:32

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ...

4.8

CVE-2023-5874

Exploit
  • EPSS 0.2%
  • Veröffentlicht 04.12.2023 22:15:07
  • Zuletzt bearbeitet 21.11.2024 08:42:41

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ...

4.8

CVE-2023-5343

Exploit
  • EPSS 0.09%
  • Veröffentlicht 20.11.2023 19:15:09
  • Zuletzt bearbeitet 21.11.2024 08:41:34

The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

4.8

CVE-2023-4390

Exploit
  • EPSS 0.17%
  • Veröffentlicht 31.10.2023 14:15:11
  • Zuletzt bearbeitet 23.04.2025 17:16:44

The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for ex...

6.1

CVE-2023-27414

  • EPSS 0.08%
  • Veröffentlicht 21.06.2023 14:15:09
  • Zuletzt bearbeitet 21.11.2024 07:52:51

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions.