VYPR

JetPopup

by WordPress

CVEs (6)

  • CVE-2025-26944HigApr 15, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Crocoblock JetPopup jet-popup allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetPopup: from n/a through <= 2.0.11.

  • CVE-2025-53993MedAug 20, 2025
    risk 0.42cvss 6.5epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetPopup jet-popup allows Retrieve Embedded Sensitive Data.This issue affects JetPopup: from n/a through <= 2.0.15.

  • CVE-2025-53995MedJul 16, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetPopup jet-popup allows Stored XSS.This issue affects JetPopup: from n/a through <= 2.0.15.1.

  • CVE-2025-53994MedJul 16, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetPopup jet-popup allows DOM-Based XSS.This issue affects JetPopup: from n/a through <= 2.0.15.

  • CVE-2022-2305MedAug 1, 2022
    risk 0.31cvss 4.8epss 0.01

    The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite…

  • CVE-2025-68502MedDec 29, 2025
    risk 0.28cvss 4.3epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup jet-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetPopup: from n/a through <= 2.0.20.1.