Filtered by vendor Ays-pro
Subscriptions
Filtered by product Popup Box
Subscriptions
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5874 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | 4.8 Medium |
| The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-6591 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | 4.8 Medium |
| The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2023-5809 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | 4.8 Medium |
| The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-5343 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | 4.8 Medium |
| The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
| CVE-2023-4390 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | 4.8 Medium |
| The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). | ||||
| CVE-2023-27414 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions. | ||||
| CVE-2021-24460 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | 8.8 High |
| The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard | ||||
| CVE-2021-24458 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | 8.8 High |
| The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard | ||||
| CVE-2024-10861 | 1 Ays-pro | 1 Popup Box | 2024-11-19 | 5.3 Medium |
| The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 4.9.7. This makes it possible for unauthenticated attackers to update the 'ays_pb_upgrade_plugin' option with arbitrary data. | ||||
Page 1 of 1.