Wpoptin
by WordPress
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47645 | Hig | 0.49 | 7.5 | 0.00 | Oct 16, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows PHP Local File Inclusion.This issue affects Top Bar – PopUps – by WPOptin: from n/a through <= 2.0.1. | ||
| CVE-2025-25118 | Hig | 0.46 | 7.1 | 0.00 | Mar 3, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows Reflected XSS.This issue affects Top Bar – PopUps – by WPOptin: from n/a through <= 2.0.8. | ||
| CVE-2022-2123 | Med | 0.28 | 4.3 | 0.00 | Jul 11, 2022 | The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails. |
- risk 0.49cvss 7.5epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows PHP Local File Inclusion.This issue affects Top Bar – PopUps – by WPOptin: from n/a through <= 2.0.1.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows Reflected XSS.This issue affects Top Bar – PopUps – by WPOptin: from n/a through <= 2.0.8.
- risk 0.28cvss 4.3epss 0.00
The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails.