Ays-pro

Popup Box

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-15611

Exploit
  • EPSS 0.02%
  • Veröffentlicht 07.04.2026 06:00:09
  • Zuletzt bearbeitet 09.04.2026 19:43:40

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated ad...

4.3

CVE-2026-1165

  • EPSS 0.01%
  • Veröffentlicht 31.01.2026 14:22:29
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish_unpublish_popupbox' function that verifies a self-created nonce r...

5.4

CVE-2025-69021

  • EPSS 0.02%
  • Veröffentlicht 30.12.2025 10:47:55
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 6.0.7.

5.3

CVE-2025-57931

  • EPSS 0.01%
  • Veröffentlicht 29.10.2025 04:15:52
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 5.5.4.

5.4

CVE-2024-9599

Exploit
  • EPSS 0.14%
  • Veröffentlicht 15.05.2025 20:16:00
  • Zuletzt bearbeitet 04.06.2025 20:06:33

The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

5.3

CVE-2024-10861

  • EPSS 0.38%
  • Veröffentlicht 16.11.2024 03:15:14
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and inclu...

5.3

CVE-2024-3897

  • EPSS 0.49%
  • Veröffentlicht 02.05.2024 17:15:32
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This makes it possibl...

4.8

CVE-2023-6591

Exploit
  • EPSS 0.23%
  • Veröffentlicht 12.02.2024 16:15:08
  • Zuletzt bearbeitet 21.11.2024 08:44:09

The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.8

CVE-2023-5809

Exploit
  • EPSS 0.2%
  • Veröffentlicht 04.12.2023 22:15:07
  • Zuletzt bearbeitet 21.11.2024 08:42:32

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ...

4.8

CVE-2023-5874

Exploit
  • EPSS 0.2%
  • Veröffentlicht 04.12.2023 22:15:07
  • Zuletzt bearbeitet 21.11.2024 08:42:41

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ...