GCVE - cpe:2.3:a:accessally:popupally:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:accessally:popupally:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Accessally (`b0313104-1c0a-562e-81f4-440bf100a7c5`)
Product	Popupally (`2fa51c89-4296-5bdf-adcd-66e5bfdc03e2`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-34796`	vulnerable	2026-06-03 14:55:55.301077	WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability MEDIUM (5.9) Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1. Published: 2024-06-03T10:34:53.367Z Updated: 2026-04-28T16:09:50.894Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/popupally/wordpress-popupally-plugin-2-1-1-cross-site-scripting-xss-vulnerability-2?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-33639`	vulnerable	2026-06-03 14:55:52.775297	WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability MEDIUM (5.9) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1. Published: 2024-04-26T07:19:35.051Z Updated: 2026-04-28T16:09:44.684Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/popupally/wordpress-popupally-plugin-2-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-23520`	vulnerable	2026-06-03 14:55:04.038876	WordPress PopupAlly plugin <= 2.1.0 - Broken Access Control vulnerability MEDIUM (4.3) Missing Authorization vulnerability in AccessAlly PopupAlly.This issue affects PopupAlly: from n/a through 2.1.0. Published: 2024-03-26T11:47:10.447Z Updated: 2026-04-28T16:09:10.068Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/popupally/wordpress-popupally-plugin-2-1-0-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-36875`	vulnerable	2026-06-03 14:42:40.167779	AccessAlly < 3.3.2 Unauthenticated Arbitrary PHP Code Execution AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the login_error parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web server process, resulting in remote code execution. Published: 2026-01-09T16:41:06.883Z Updated: 2026-03-05T01:26:53.997Z Open on db.gcve.eu Reference links https://accessally.com/software-release/accessally-3-3-2/ https://wpscan.com/vulnerability/c644de6d-098d-4889-b75d-53fd2b89ff4d/ https://www.vulncheck.com/advisories/accessally-unauthenticated-arbitrary-php-code-execution	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.