GCVE - cpe:2.3:a:essentialplugin:popup_anything:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:essentialplugin:popup_anything:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Essentialplugin (`7cc9011c-ee3a-5cc4-b415-3927e0ae0329`)
Product	Popup Anything (`b100f731-3275-5575-b389-771ccfa9932b`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-38077`	vulnerable	2026-06-03 14:47:48.432763	WordPress Popup Anything Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF) MEDIUM (4.3) Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions. Published: 2023-03-29T12:19:03.503Z Updated: 2026-04-28T16:07:46.937Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/popup-anything-on-click/wordpress-popup-anything-plugin-2-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-2115`	vulnerable	2026-06-03 14:47:00.290514	Popup Anything < 2.1.7 - Reflected Cross-Site Scripting The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting Published: 2022-07-25T12:46:58.000Z Updated: 2024-08-03T00:24:44.274Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/1f0ae535-c560-4510-ae9a-059e2435ad39	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24883`	vulnerable	2026-06-03 14:44:03.904369	Popup Anything < 2.0.4 - Contributor+ Stored Cross-Site Scripting The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks Published: 2021-11-29T08:25:44.000Z Updated: 2024-08-03T19:49:12.675Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/c5dd3812-ea20-4e05-a5d3-84830b452822 https://www.fortiguard.com/zeroday/FG-VD-21-069 https://plugins.trac.wordpress.org/changeset/2610975	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Popup Anything

PURL mappings

Vulnerability references

Contribute