Code-atlantic

Popup Maker

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-24746

  • EPSS 0.13%
  • Veröffentlicht 24.01.2025 18:15:48
  • Zuletzt bearbeitet 28.03.2025 19:15:14

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup Maker Popup Maker allows Stored XSS. This issue affects Popup Maker: from n/a through 1.20.2.

3.5

CVE-2022-45819

  • EPSS 0.16%
  • Veröffentlicht 13.12.2024 15:15:08
  • Zuletzt bearbeitet 11.04.2025 14:58:45

Missing Authorization vulnerability in Popup Maker Popup Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Maker: from n/a through 1.17.1.

5.4

CVE-2024-10583

  • EPSS 0.16%
  • Veröffentlicht 12.12.2024 07:15:05
  • Zuletzt bearbeitet 11.04.2025 14:59:12

The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in all versions up to, and including, 1.20.2 due to i...

9.8

CVE-2024-47358

  • EPSS 0.59%
  • Veröffentlicht 01.11.2024 15:15:55
  • Zuletzt bearbeitet 12.11.2024 20:28:55

Missing Authorization vulnerability in Popup Maker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Popup Maker: from n/a through 1.19.2.

4.8

CVE-2024-5561

Exploit
  • EPSS 0.48%
  • Veröffentlicht 09.09.2024 06:15:01
  • Zuletzt bearbeitet 07.10.2024 17:45:29

The Popup Maker WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo...

5.4

CVE-2024-7054

  • EPSS 0.2%
  • Veröffentlicht 20.08.2024 11:15:03
  • Zuletzt bearbeitet 31.03.2025 18:27:47

The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘close_text’ parameter in all versions up to, and including, 1.19.0 due to i...

5.4

CVE-2024-2336

  • EPSS 0.21%
  • Veröffentlicht 09.04.2024 19:15:32
  • Zuletzt bearbeitet 11.04.2025 13:12:50

The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escap...

7.5

CVE-2022-47597

  • EPSS 0.28%
  • Veröffentlicht 20.12.2023 18:15:11
  • Zuletzt bearbeitet 21.11.2024 07:32:14

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Popup Maker Popup Maker – Popup for opt-ins, lead gen, & more.This issue affects Popup Maker – Popup for opt-ins, lead gen, & more: from n/a through 1.17.1.

5.4

CVE-2022-4381

Exploit
  • EPSS 0.25%
  • Veröffentlicht 02.01.2023 22:15:18
  • Zuletzt bearbeitet 10.04.2025 15:16:01

The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

5.4

CVE-2022-4362

Exploit
  • EPSS 0.4%
  • Veröffentlicht 02.01.2023 22:15:17
  • Zuletzt bearbeitet 10.04.2025 15:16:01

The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks