2 results (0.002 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2024-5004 – CM Popup Plugin for WordPress < 1.6.6 - Contributor+ Stored XSS

https://notcve.org/view.php?id=CVE-2024-5004

01 Jul 2024 — The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks El CM Popup Plugin complemento de WordPress anterior a 1.6.6 no sanitiza ni escapa a algunas de las configuraciones de la campaña, lo que podría permitir a usuarios con altos privilegios, como los contribuyentes, realizar ataques de Cross Site Scripting almacenado. The CM Popup Plu... • https://wpscan.com/vulnerability/4bea7baa-84a2-4b21-881c-4f17822329e7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-30750 – WordPress CM Pop-Up banners Plugin <= 1.5.10 is vulnerable to SQL Injection

https://notcve.org/view.php?id=CVE-2023-30750

03 May 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en CreativeMindsSolutions CM Popup Plugin for WordPress. Este problema afecta a CM Popup Plugin for WordPress: desde n/a hasta 1.5.10. The CM Pop-Up banners plugin... • https://patchstack.com/database/vulnerability/cm-pop-up-banners/wordpress-cm-pop-up-banners-for-wordpress-plugin-1-5-10-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •