CVE-2022-3690
- EPSS 0.44%
- Veröffentlicht 21.11.2022 11:15:20
- Zuletzt bearbeitet 29.04.2025 17:15:36
The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins
CVE-2022-1104
- EPSS 13.5%
- Veröffentlicht 09.05.2022 17:15:08
- Zuletzt bearbeitet 21.11.2024 06:40:02
The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di...
CVE-2019-17574
- EPSS 86.89%
- Veröffentlicht 14.10.2019 14:15:10
- Zuletzt bearbeitet 21.11.2024 04:32:34
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling conten...
CVE-2017-2284
- EPSS 0.54%
- Veröffentlicht 02.08.2017 16:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.