Vulnerabilities > WOW Company > Modal Window
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-5161 | Unspecified vulnerability in Wow-Company Modal Window The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2022-01-10 | CVE-2021-25051 | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. | 5.1 |