Vulnerabilities and security research for ays-popup-box
May 19, 2025
Popup Box – Best WordPress Popup Plugin # CVE-2024-9599
- CVE, Research URL
- Application
- Date
- May 16, 2025
- Research Description
- The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Nov 16, 2024
Popup Box – Best WordPress Popup Plugin # CVE-2024-10861
- CVE, Research URL
- Application
- Date
- Nov 16, 2024
- Research Description
- The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 4.9.7. This makes it possible for unauthenticated attackers to update the 'ays_pb_upgrade_plugin' option with arbitrary data.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 24, 2024
Popup Box – Best WordPress Popup Plugin # CVE-2024-37096
- CVE, Research URL
- Application
- Date
- Nov 01, 2024
- Research Description
- Missing Authorization vulnerability in Popup Box Team Popup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup box: from n/a through 4.5.1.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 07, 2024
Popup Box – Best WordPress Popup Plugin # CVE-2023-5343
- CVE, Research URL
- Application
- Date
- Nov 21, 2023
- Research Description
- The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Popup Box – Best WordPress Popup Plugin # CVE-2021-24458
- CVE, Research URL
- Application
- Date
- Aug 02, 2021
- Research Description
- The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin before 2.3.4 did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Popup Box – Best WordPress Popup Plugin # CVE-2023-27414
- CVE, Research URL
- Application
- Date
- Jun 21, 2023
- Research Description
- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Popup Box – Best WordPress Popup Plugin # CVE-2023-4390
- CVE, Research URL
- Application
- Date
- Oct 31, 2023
- Research Description
- The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Popup Box – Best WordPress Popup Plugin # CVE-2023-5809
- CVE, Research URL
- Application
- Date
- Dec 05, 2023
- Research Description
- The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Popup Box – Best WordPress Popup Plugin # CVE-2024-3897
- CVE, Research URL
- Application
- Date
- May 02, 2024
- Research Description
- The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all emails registered on the website.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Popup Box – Best WordPress Popup Plugin # CVE-2024-34367
- CVE, Research URL
- Application
- Date
- May 07, 2024
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS). This issue affects Popup box: from n/a through 4.1.2.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Popup Box – Best WordPress Popup Plugin # CVE-2023-5874
- CVE, Research URL
- Application
- Date
- Dec 05, 2023
- Research Description
- The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Popup Box – Best WordPress Popup Plugin # CVE-2023-6591
- CVE, Research URL
- Application
- Date
- Feb 12, 2024
- Research Description
- The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable