VYPR

Wordpress Popup

by WordPress

Source repositories

CVEs (4)

  • CVE-2026-0911HigJan 24, 2026
    risk 0.42cvss 7.5epss 0.01

    The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for…

  • CVE-2026-2263MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustle_module_converted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it…

  • CVE-2024-10580MedNov 27, 2024
    risk 0.27cvss 5.3epss 0.00

    The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in all versions up to, and including, 7.8.5. This makes it possible for…

  • CVE-2022-1104May 9, 2022
    risk 0.00cvss epss 0.54

    The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed