Ays-pro Popup_box
10 CVEs affecting Ays-pro Popup_box. Latest disclosed: 2026-04-07. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-24460 | High | 8.8 | 2021-08-02 | The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter befor… |
CVE-2021-24458 | High | 8.8 | 2021-08-02 | The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby para… |
CVE-2023-27414 | High | 7.1 | 2023-06-21 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions. |
CVE-2025-15611 | Medium | 5.4 | 2026-04-07 | The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauth… |
CVE-2024-9599 | Medium | 5.4 | 2025-05-15 | The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform… |
CVE-2023-6591 | Medium | 4.8 | 2024-02-12 | The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform… |
CVE-2023-5874 | Medium | 4.8 | 2023-12-04 | The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform… |
CVE-2023-5809 | Medium | 4.8 | 2023-12-04 | The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform… |
CVE-2023-5343 | Medium | 4.8 | 2023-11-20 | The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform… |
CVE-2023-4390 | Medium | 4.8 | 2023-10-31 | The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to… |