Vulnerabilities (CVE)

Filtered by vendor Popup Manager Project Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4125 1 Popup Manager Project 1 Popup Manager 2024-11-21 N/A 4.3 MEDIUM
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well
CVE-2022-4124 1 Popup Manager Project 1 Popup Manager 2024-11-21 N/A 4.3 MEDIUM
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them