cleantalk
Vulnerabilities and Security Researches

Popup Box – Best WordPress Popup Plugin, dbba8c2356e5b6608eff09535d320a3bfe966feb

CVE, Research URL

dbba8c2356e5b6608eff09535d320a3bfe966feb

Home page URL

Security reports for Popup Box – Best WordPress Popup Plugin

Application

Popup Box – Best WordPress Popup Plugin

Published on
Aug 29, 2023
Research Description
Popup Box &#8211; Create Countdown, Coupon, Video, Contact Form Popups [ays-popup-box] < 3.7.2 Popup Box <= 3.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting The Popup Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
max 3.7.2.
Status
vulnerable
Previous vulnerability researches
Popup Box &#8211; Best WordPress Popup Plugin (CVE-2024-37096) , Jun 24, 2024
Popup Box &#8211; Best WordPress Popup Plugin (CVE-2026-54192) , Jun 19, 2026
Popup Box &#8211; Best WordPress Popup Plugin (CVE-2024-9599) , May 19, 2025
Popup Box &#8211; Best WordPress Popup Plugin (f76ca70e36e5617655fc90029c18e6f94ba010fc) , Jun 16, 2026
Popup Box &#8211; Best WordPress Popup Plugin (bd2e0643-c83b-4ca6-9332-66e4c49252ba) , Jun 16, 2026
New vulnerability
WP Travel Gutenberg Blocks (CVE-2026-54808) , Jun 19, 2026
BetterDocs – Best Documentation, FAQ &amp; Knowledge Base Plugin with AI Support (CVE-2026-12157) , Jun 19, 2026
Advanced Import : One Click Import for WordPress or Theme Demo Data (CVE-2026-4328) , Jun 19, 2026
Falang multilanguage for WordPress (CVE-2026-54805) , Jun 19, 2026
SMS Alert Order Notifications &#8211; WooCommerce (CVE-2026-54803) , Jun 19, 2026