CVE-2023-4390
- EPSS 0.17%
- Veröffentlicht 31.10.2023 14:15:11
- Zuletzt bearbeitet 23.04.2025 17:16:44
The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for ex...
CVE-2023-27414
- EPSS 0.08%
- Veröffentlicht 21.06.2023 14:15:09
- Zuletzt bearbeitet 21.11.2024 07:52:51
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions.
CVE-2021-24458
- EPSS 0.53%
- Veröffentlicht 02.08.2021 11:15:09
- Zuletzt bearbeitet 21.11.2024 05:53:06
The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQ...
CVE-2021-24460
- EPSS 0.53%
- Veröffentlicht 02.08.2021 11:15:09
- Zuletzt bearbeitet 21.11.2024 05:53:06
The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection...