VYPR

Cm Pop Up Banners

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-24694HigMar 3, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Pop-Up banners cm-pop-up-banners allows Reflected XSS.This issue affects CM Pop-Up banners: from n/a through <= 1.7.6.

  • CVE-2024-11202MedNov 26, 2024
    risk 0.33cvss 6.1epss 0.01

    Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web…

  • CVE-2024-5799MedSep 12, 2024
    risk 0.31cvss 4.8epss 0.00

    The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.

  • CVE-2025-54018MedJul 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners cm-pop-up-banners allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Pop-Up banners: from n/a through <= 1.8.4.