cleantalk
Vulnerabilities and Security Researches

Popup Box – Best WordPress Popup Plugin, 1569f01e8a0747bada01dc9aea9cfb5493bafe4c

CVE, Research URL

1569f01e8a0747bada01dc9aea9cfb5493bafe4c

Home page URL

Security reports for Popup Box – Best WordPress Popup Plugin

Application

Popup Box – Best WordPress Popup Plugin

Published on
Jun 29, 2021
Research Description
Popup Box &#8211; Create Countdown, Coupon, Video, Contact Form Popups [ays-popup-box] < 2.3.4 Popup box <= 2.3.3 - Cross-Site Scripting The Popup box plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 2.3.4.
Status
vulnerable
Previous vulnerability researches
Popup Box &#8211; Best WordPress Popup Plugin (CVE-2024-37096) , Jun 24, 2024
Popup Box &#8211; Best WordPress Popup Plugin (CVE-2026-54192) , Jun 19, 2026
Popup Box &#8211; Best WordPress Popup Plugin (CVE-2024-9599) , May 19, 2025
Popup Box &#8211; Best WordPress Popup Plugin (f76ca70e36e5617655fc90029c18e6f94ba010fc) , Jun 16, 2026
Popup Box &#8211; Best WordPress Popup Plugin (bd2e0643-c83b-4ca6-9332-66e4c49252ba) , Jun 16, 2026
New vulnerability
WP Travel Gutenberg Blocks (CVE-2026-54808) , Jun 19, 2026
BetterDocs – Best Documentation, FAQ &amp; Knowledge Base Plugin with AI Support (CVE-2026-12157) , Jun 19, 2026
Advanced Import : One Click Import for WordPress or Theme Demo Data (CVE-2026-4328) , Jun 19, 2026
Falang multilanguage for WordPress (CVE-2026-54805) , Jun 19, 2026
SMS Alert Order Notifications &#8211; WooCommerce (CVE-2026-54803) , Jun 19, 2026