Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-6591 | 1 Ays-pro | 1 Popup Box | 2024-10-28 | N/A | 4.8 MEDIUM |
The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
CVE-2023-5343 | 1 Ays-pro | 1 Popup Box | 2024-07-12 | N/A | 4.8 MEDIUM |
The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
CVE-2023-5874 | 1 Ays-pro | 1 Popup Box | 2024-02-28 | N/A | 4.8 MEDIUM |
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2023-5809 | 1 Ays-pro | 1 Popup Box | 2024-02-28 | N/A | 4.8 MEDIUM |
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2023-4390 | 1 Ays-pro | 1 Popup Box | 2024-02-28 | N/A | 4.8 MEDIUM |
The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). | |||||
CVE-2023-27414 | 1 Ays-pro | 1 Popup Box | 2024-02-28 | N/A | 6.1 MEDIUM |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions. | |||||
CVE-2021-24460 | 1 Ays-pro | 1 Popup Box | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard | |||||
CVE-2021-24458 | 1 Ays-pro | 1 Popup Box | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard |