Timersys Wp Popups vulnerabilities
4 known vulnerabilities affecting timersys/wp_popups.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 4
Vulnerabilities
CVE-2022-4716 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2.1.4.8 | 2023-01-23
The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Source: NVD
CVE-2023-1905 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2.1.5.1 | 2023-05-08
The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficient fix of CVE-2023-240
Source: NVD
CVE-2023-24003 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2.1.4.9 | 2023-04-06
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Timersys WP Popups – WordPress Popup plugin <= 2.1.4.8 versions.
Source: NVD
CVE-2024-29105 | P4 | MEDIUM | CVSS 5.9 | CWE-79 | ≥ n/a, ≤ 2.1.5.5 | 2024-03-19
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timersys WP Popups allows Stored XSS. This issue affects WP Popups: from n/a through 2.1.5.5.
Source: NVD