Vulnerabilities (CVE)

Filtered by vendor Ays-pro Subscribe
Filtered by product Popup Box
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6591 1 Ays-pro 1 Popup Box 2024-10-28 N/A 4.8 MEDIUM
The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2023-5343 1 Ays-pro 1 Popup Box 2024-07-12 N/A 4.8 MEDIUM
The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVE-2023-5874 1 Ays-pro 1 Popup Box 2024-02-28 N/A 4.8 MEDIUM
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2023-5809 1 Ays-pro 1 Popup Box 2024-02-28 N/A 4.8 MEDIUM
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2023-4390 1 Ays-pro 1 Popup Box 2024-02-28 N/A 4.8 MEDIUM
The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2023-27414 1 Ays-pro 1 Popup Box 2024-02-28 N/A 6.1 MEDIUM
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions.
CVE-2021-24460 1 Ays-pro 1 Popup Box 2024-02-28 6.5 MEDIUM 8.8 HIGH
The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
CVE-2021-24458 1 Ays-pro 1 Popup Box 2024-02-28 6.5 MEDIUM 8.8 HIGH
The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard