cleantalk
Vulnerabilities and Security Researches

CM Popup Plugin for WordPress – Popup Maker, af27a597e9f76b8af9997983efa52ec0ea31db03

CVE, Research URL

af27a597e9f76b8af9997983efa52ec0ea31db03

Home page URL

Security reports for CM Popup Plugin for WordPress – Popup Maker

Application

CM Popup Plugin for WordPress – Popup Maker

Published on
Mar 27, 2020
Research Description
CM Pop-Up &#8211; Create engaging popups to capture attention and boost interaction [cm-pop-up-banners] < 1.5.0 CM Pop-Up banners <= 1.4.10 - Authenticated Stored Cross-Site Scripting The 'CM Pop-Up banners' plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.5.0.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
All-In-One Security (AIOS) – Security and Firewall (4d6a4031a3cbd06a805b4c3c43fcc3b4e230a014) , Jun 16, 2026
All-In-One Security (AIOS) – Security and Firewall (cd6aef3988216292b57b1723a1244639a4507466) , Jun 16, 2026
All-In-One Security (AIOS) – Security and Firewall (adfefe17891bc731561e1dd6a68645c45ddce82b) , Jun 16, 2026
All-In-One Security (AIOS) – Security and Firewall (f57c9765198dd8a6cc7f39cac9914dece351c437) , Jun 16, 2026
All-In-One Security (AIOS) – Security and Firewall (fb95e51b7acae41ce9b6896cafc39abf51b71f69) , Jun 16, 2026