Vulnerabilities > Code Atlantic

DATE CVE VULNERABILITY TITLE RISK
2024-11-01 CVE-2024-47358 Missing Authorization vulnerability in Code-Atlantic Popup Maker
Missing Authorization vulnerability in Popup Maker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Popup Maker: from n/a through 1.19.2.
network
low complexity
code-atlantic CWE-862
critical
9.8
2024-09-09 CVE-2024-5561 Cross-site Scripting vulnerability in Code-Atlantic Popup Maker
The Popup Maker WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
network
low complexity
code-atlantic CWE-79
4.8
2023-12-20 CVE-2022-47597 Unspecified vulnerability in Code-Atlantic Popup Maker
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Popup Maker Popup Maker – Popup for opt-ins, lead gen, & more.This issue affects Popup Maker – Popup for opt-ins, lead gen, & more: from n/a through 1.17.1.
network
low complexity
code-atlantic
7.5
2023-01-23 CVE-2022-4509 Unspecified vulnerability in Code-Atlantic Content Control
The Content Control WordPress plugin before 1.1.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins.
network
low complexity
code-atlantic
5.4
2023-01-02 CVE-2022-4362 Unspecified vulnerability in Code-Atlantic Popup Maker
The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
network
low complexity
code-atlantic
5.4
2023-01-02 CVE-2022-4381 Unspecified vulnerability in Code-Atlantic Popup Maker
The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
network
low complexity
code-atlantic
5.4
2022-11-21 CVE-2022-3690 Unspecified vulnerability in Code-Atlantic Popup Maker
The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins
network
low complexity
code-atlantic
4.8
2022-05-09 CVE-2022-1104 Unspecified vulnerability in Code-Atlantic Popup Maker
The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
network
low complexity
code-atlantic
4.8
2019-10-14 CVE-2019-17574 Authorization Bypass Through User-Controlled Key vulnerability in Code-Atlantic Popup Maker
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress.
network
low complexity
code-atlantic CWE-639
critical
9.1
2017-08-02 CVE-2017-2284 Cross-site Scripting vulnerability in Code-Atlantic Popup Maker
Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
code-atlantic CWE-79
6.1