Login\/signup Popup
by Xootix
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5324 | Hig | 0.54 | 8.8 | 0.02 | Jun 6, 2024 | Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level… | ||
| CVE-2020-36715 | Hig | 0.41 | 7.4 | 0.01 | Jun 7, 2023 | The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin… | ||
| CVE-2025-50027 | Med | 0.38 | 5.9 | 0.00 | Jun 20, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xootix Login/Signup Popup easy-login-woocommerce allows Stored XSS.This issue affects Login/Signup Popup: from n/a through <= 2.9.4. | ||
| CVE-2022-0215 | 0.00 | — | 0.01 | Jan 18, 2022 | The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.p… |
- risk 0.54cvss 8.8epss 0.02
Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level…
- risk 0.41cvss 7.4epss 0.01
The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin…
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xootix Login/Signup Popup easy-login-woocommerce allows Stored XSS.This issue affects Login/Signup Popup: from n/a through <= 2.9.4.
- CVE-2022-0215Jan 18, 2022risk 0.00cvss —epss 0.01
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.p…