| CVE-2025-5537 | Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.34 - Authenticated (Author+) Stored Cross-Site Scripting | fooplugins | Lightbox & Modal Popup WordPress Plugin – FooBox | Medium | 6.4 | 2025-07-08 04:22:59 | Deep Dive |
| CVE-2024-11766 | WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | samdani | GS Books Showcase – Display Books in Grid, Slider & More | Library for WordPress | Medium | 6.4 | 2024-12-12 05:24:24 | Deep Dive |
| CVE-2024-11453 | WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | samdani | GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets | Medium | 6.4 | 2024-12-03 07:34:54 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-8547 | Simple Popup Plugin <= 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | grimmdude | Simple Popup Plugin | Medium | 6.4 | 2024-09-28 02:04:20 | Deep Dive |
| CVE-2024-5668 | Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes | fooplugins | Lightbox & Modal Popup WordPress Plugin – FooBox | Medium | 6.4 | 2024-08-08 04:31:33 | Deep Dive |
| CVE-2024-5004 | CM Popup Plugin for WordPress < 1.6.6 - Contributor+ Stored XSS | Unknown | CM Popup Plugin for WordPress | - | - | 2024-07-22 06:00:02 | Deep Dive |
| CVE-2024-3276 | FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS | Unknown | Lightbox & Modal Popup WordPress Plugin | - | - | 2024-06-18 06:00:02 | Deep Dive |
| CVE-2024-3897 | Popup Box – Best WordPress Popup Plugin <= 4.3.6 - Missing Authorization to Information Exposure | ays-pro | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | Medium | 5.3 | 2024-05-02 16:52:48 | Deep Dive |
| CVE-2024-1945 | ARForms Form Builder <= 1.6.4 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion | reputeinfosystems | Contact Form, Survey, Quiz & Popup Form Builder – ARForms | High | 7.1 | 2024-05-02 16:51:41 | Deep Dive |
| CVE-2024-32601 | WordPress Popup Anything plugin <= 2.8 - Broken Access Control vulnerability | WP OnlineSupport, Essential Plugin | Popup Anything | Medium | 5.3 | 2024-04-18 08:19:59 | Deep Dive |
| CVE-2024-1698 | NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection | wpdevteam | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | Critical | 9.8 | 2024-02-27 05:33:12 | Deep Dive |
| CVE-2023-6828 | ARForms <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url | reputeinfosystems | Contact Form, Survey, Quiz & Popup Form Builder – ARForms | High | 7.2 | 2024-01-11 08:32:38 | Deep Dive |
| CVE-2023-30750 | WordPress CM Pop-Up banners Plugin <= 1.5.10 is vulnerable to SQL Injection | CreativeMindsSolutions | CM Popup Plugin for WordPress | High | 8.5 | 2023-12-20 17:06:20 | Deep Dive |
| CVE-2023-46824 | WordPress Slick Popup Plugin <= 1.7.14 is vulnerable to Cross Site Scripting (XSS) | Om Ak Solutions | Slick Popup: Contact Form 7 Popup Plugin | 中危 | - | 2023-11-06 09:43:43 | Deep Dive |
| CVE-2020-36744 | NotificationX <= 1.8.2 - Cross-Site Request Forgery Bypass | wpdevteam | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | Medium | 4.3 | 2023-07-01 04:26:51 | Deep Dive |
| CVE-2022-38077 | WordPress Popup Anything Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF) | WP OnlineSupport, Essential Plugin | Popup Anything – A Marketing Popup and Lead Generation Conversions | Medium | 4.3 | 2023-03-29 12:19:04 | Deep Dive |
| CVE-2023-28661 | WordPress Plugin WP Popup Banners SQL注入漏洞 | - | WP Popup Banners WordPress Plugin | 高危 | - | 2023-03-22 00:00:00 | Deep Dive |
| CVE-2015-10095 | woo-popup Plugin class-woo-popup-admin.php cross site scripting | - | woo-popup Plugin | Low | 3.5 | 2023-03-06 20:31:04 | Deep Dive |
| CVE-2022-36340 | WordPress MailOptin plugin <= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion vulnerability | MailOptin Popup Builder Team | MailOptin (WordPress plugin) | Medium | 6.5 | 2022-09-23 18:31:51 | Deep Dive |