Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4125 | 1 Popup Manager Project | 1 Popup Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well | |||||
CVE-2022-4124 | 1 Popup Manager Project | 1 Popup Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them |