cleantalk
Vulnerabilities and Security Researches

CM Popup Plugin for WordPress – Popup Maker, CVE-2024-5799

CVE, Research URL

CVE-2024-5799

Home page URL

Security reports for CM Popup Plugin for WordPress – Popup Maker

Application

CM Popup Plugin for WordPress – Popup Maker

Published on
Sep 12, 2024
Research Description
The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.
Affected versions
Min -, max 1.7.3.
Status
vulnerable
Previous vulnerability researches
CM Popup Plugin for WordPress – Popup Maker (CVE-2025-54018) , Jul 19, 2025
CM Popup Plugin for WordPress – Popup Maker (CVE-2023-30750) , Jun 06, 2024
CM Popup Plugin for WordPress – Popup Maker (bd83e4633dafac3814d85f28a03f71003eba1259) , Jun 06, 2024
CM Popup Plugin for WordPress – Popup Maker (CVE-2024-11202) , Nov 27, 2024
CM Popup Plugin for WordPress – Popup Maker (CVE-2025-24758) , Feb 19, 2025
New vulnerability
DB Backup (CVE-2025-50031) , Jul 19, 2025
Vchasno Kasa (CVE-2025-6720) , Jul 19, 2025
Vchasno Kasa (CVE-2025-6721) , Jul 19, 2025
Media Library Assistant (CVE-2025-7035) , Jul 19, 2025
Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History (CVE-2025-54041) , Jul 19, 2025