CM Popup Plugin
by WordPress
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-30750 | Hig | 0.55 | 8.5 | 0.01 | Dec 20, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10. | ||
| CVE-2024-5004 | Med | 0.31 | 4.8 | 0.00 | Jul 22, 2024 | The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks |
- risk 0.55cvss 8.5epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10.
- risk 0.31cvss 4.8epss 0.00
The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks