Wow-company Modal_window
7 CVEs affecting Wow-company Modal_window. Latest disclosed: 2025-02-20. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-25051 | High | 8.8 | 2022-01-10 | The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with da… |
CVE-2024-43346 | Medium | 6.5 | 2024-08-18 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wow-Company Modal Window allows Stored XSS.This is… |
CVE-2025-0897 | Medium | 6.4 | 2025-02-20 | The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all ve… |
CVE-2024-2457 | Medium | 6.4 | 2024-04-09 | The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up… |
CVE-2023-5161 | Medium | 6.4 | 2023-09-27 | The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient i… |
CVE-2024-3472 | Medium | 5.9 | 2024-05-02 | The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in a… |
CVE-2025-24717 | Medium | 5.4 | 2025-01-24 | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window modal-window allows Cross Site Request Forgery.This issue affects Modal Window: fro… |