Vulnerabilities > WOW Company > Modal Window > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-5161 Unspecified vulnerability in Wow-Company Modal Window
The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wow-company
5.4
2022-01-10 CVE-2021-25051 Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window
The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.
network
high complexity
wow-company CWE-352
5.1