Hollerbox
Monthly
Unauthenticated reflected/stored cross-site scripting in the HollerBox WordPress plugin (versions 2.3.10.1 and earlier) allows remote attackers to inject malicious JavaScript that executes in a victim's browser when they interact with a crafted link or page. The flaw was disclosed via Patchstack and carries a CVSS 3.1 score of 7.1 due to the scope change (S:C) reflecting the WordPress site context being affected from injected content; no public exploit identified at time of analysis and no CISA KEV listing exists.
Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Unauthenticated reflected/stored cross-site scripting in the HollerBox WordPress plugin (versions 2.3.10.1 and earlier) allows remote attackers to inject malicious JavaScript that executes in a victim's browser when they interact with a crafted link or page. The flaw was disclosed via Patchstack and carries a CVSS 3.1 score of 7.1 due to the scope change (S:C) reflecting the WordPress site context being affected from injected content; no public exploit identified at time of analysis and no CISA KEV listing exists.
Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.