Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 5 | Critical: 1 | High: 2 | Medium: 2

Showing 1-5 of 5 records

Threat Entry Updated 2024-11-21

CVE-2024-2008 - Popup Plugin

The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awl_modal_popup_box_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

PLUGIN Popup

CVE-2024-2008

HIGH CVSS 8.8 2024-04-04

Threat Entry Updated 2024-11-21

CVE-2023-3186 - Popup Plugin

The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.

PLUGIN Popup

CVE-2023-3186

CRITICAL CVSS 9.8 2023-07-17

Threat Entry Updated 2025-01-30

CVE-2023-0924 - Popup Plugin

The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high-privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install.

PLUGIN Popup

CVE-2023-0924

HIGH CVSS 7.2 2023-05-02

Threat Entry Updated 2024-11-21

CVE-2022-0424 - Popup Plugin

The Popup by Supsystic WordPress plugin before 1.10.9 does not perform any authentication or authorisation checks in an AJAX action, allowing unauthenticated attackers to call it and obtain the email addresses of subscribed users.

PLUGIN Popup

CVE-2022-0424

MEDIUM CVSS 5.3 2022-05-09

Threat Entry Updated 2024-11-21

CVE-2021-24275 - Popup Plugin

The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.

PLUGIN Popup

CVE-2021-24275

MEDIUM CVSS 6.1 2021-05-05