VYPR

Popup Anything

by WordPress

CVEs (4)

  • CVE-2025-39397HigApr 24, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus@hotmail.com Anything Popup anything-popup allows Reflected XSS.This issue affects Anything Popup: from n/a through <= 7.3.

  • CVE-2022-2115MedJul 25, 2022
    risk 0.40cvss 6.1epss 0.01

    The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting

  • CVE-2021-24883MedNov 29, 2021
    risk 0.35cvss 5.4epss 0.01

    The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks

  • CVE-2024-32601MedApr 18, 2024
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Popup Anything.This issue affects Popup Anything: from n/a through 2.8.