Skip to main content

Hollerbox

3 CVEs product

Monthly

CVE-2026-48885 HIGH This Week

Unauthenticated reflected/stored cross-site scripting in the HollerBox WordPress plugin (versions 2.3.10.1 and earlier) allows remote attackers to inject malicious JavaScript that executes in a victim's browser when they interact with a crafted link or page. The flaw was disclosed via Patchstack and carries a CVSS 3.1 score of 7.1 due to the scope change (S:C) reflecting the WordPress site context being affected from injected content; no public exploit identified at time of analysis and no CISA KEV listing exists.

XSS Hollerbox
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-41657 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hollerbox
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-2111 MEDIUM POC This Month

The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Hollerbox
NVD WPScan
CVSS 3.1
4.9
EPSS
0.8%
EPSS 0% CVSS 7.1
HIGH This Week

Unauthenticated reflected/stored cross-site scripting in the HollerBox WordPress plugin (versions 2.3.10.1 and earlier) allows remote attackers to inject malicious JavaScript that executes in a victim's browser when they interact with a crafted link or page. The flaw was disclosed via Patchstack and carries a CVSS 3.1 score of 7.1 due to the scope change (S:C) reflecting the WordPress site context being affected from injected content; no public exploit identified at time of analysis and no CISA KEV listing exists.

XSS Hollerbox
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hollerbox
NVD
EPSS 1% CVSS 4.9
MEDIUM POC This Month

The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Hollerbox
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy