cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forpop-up-pop-up pop-up-pop-up

Direction: descending
Dec 20, 2024

Pop-up # CVE-2023-38514

CVE, Research URL

CVE-2023-38514

Home page URL

Security reports for Pop-up

Application

Pop-up

Date
Dec 13, 2024
Research Description
Missing Authorization vulnerability in social share pro Social Share Icons & Social Share Buttons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.5.7.
Affected versions
max 1.2.0.
Status
vulnerable
Jun 06, 2024

Pop-up # CVE-2023-0958

CVE, Research URL

CVE-2023-0958

Home page URL

Security reports for Pop-up

Application

Pop-up

Date
Jul 28, 2023
Research Description
Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability.
Affected versions
max 1.2.0.
Status
vulnerable

Pop-up # CVE-2024-31435

CVE, Research URL

CVE-2024-31435

Home page URL

Security reports for Pop-up

Application

Pop-up

Date
-
Research Description
Pop-up [pop-up-pop-up] < 1.2.4 CVE-2024-31435
Affected versions
max 1.2.4.
Status
vulnerable

Pop-up # CVE-2022-38070

CVE, Research URL

CVE-2022-38070

Home page URL

Security reports for Pop-up

Application

Pop-up

Date
Sep 09, 2022
Research Description
Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress.
Affected versions
max 1.1.2.
Status
vulnerable

Pop-up # CVE-2023-3977

CVE, Research URL

CVE-2023-3977

Home page URL

Security reports for Pop-up

Application

Pop-up

Date
Jul 28, 2023
Research Description
Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.2.0.
Status
vulnerable