Skip to main content

Popup Maker

9 CVEs product

Monthly

CVE-2024-10583 MEDIUM PATCH This Month

The Popup Maker - Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Popup Maker
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5561 MEDIUM POC This Month

The Popup Maker WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Maker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-7054 MEDIUM PATCH This Month

The Popup Maker - Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘close_text’ parameter in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Popup Maker
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-2336 MEDIUM PATCH This Month

The Popup Maker - Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.18.2 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Popup Maker
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-47597 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Popup Maker Popup Maker - Popup for opt-ins, lead gen, & more.17.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Popup Maker
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-3690 MEDIUM POC This Month

The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Maker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1104 MEDIUM POC THREAT This Month

The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Popup Maker
NVD WPScan Exploit-DB
CVSS 3.1
4.8
EPSS
55.8%
CVE-2019-17574 CRITICAL POC Act Now

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Popup Maker
NVD GitHub
CVSS 3.1
9.1
EPSS
9.3%
CVE-2017-2284 MEDIUM PATCH This Month

Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Popup Maker
NVD
CVSS 3.0
6.1
EPSS
0.5%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Popup Maker - Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Popup Maker
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

The Popup Maker WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Maker
NVD WPScan
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Popup Maker - Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘close_text’ parameter in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Popup Maker
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The Popup Maker - Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.18.2 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Popup Maker
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Popup Maker Popup Maker - Popup for opt-ins, lead gen, & more.17.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Popup Maker
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Maker
NVD WPScan
EPSS 56% CVSS 4.8
MEDIUM POC THREAT This Month

The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Popup Maker
NVD WPScan Exploit-DB
EPSS 9% CVSS 9.1
CRITICAL POC Act Now

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Popup Maker
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Popup Maker
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy