CVE-2022-38077 – WordPress Popup Anything Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-38077
28 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions. The WP OnlineSupport, Essential Plugin Popup Anything plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.1. This is due to missing nonce validation on the popupaoc_register_settings() function. This makes it possible for unauthenticated attackers to reset the plugin's settings gra... • https://patchstack.com/database/vulnerability/popup-anything-on-click/wordpress-popup-anything-plugin-2-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-2115 – Popup Anything < 2.1.7 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2115
04 Jul 2022 — The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting. The Popup Anything – A Marketing Popup and Lead Generation Conversions plugin for WordPress is vulnerable to Reflected C... • https://wpscan.com/vulnerability/1f0ae535-c560-4510-ae9a-059e2435ad39 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-24883 – Popup Anything < 2.0.4 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24883
25 Oct 2021 — The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. • https://plugins.trac.wordpress.org/changeset/2610975 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •