Popup Box – Create Countdown, Coupon, Video, Contact Form Popups
Approved changes feed: RSS · Atom
cpe:2.3:a:ays-pro:popup_box_–_create_countdown,_coupon,_video,_contact_form_popups:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Ays Pro (900df179-83e7-52e1-a062-7dd4345b4c1d) |
|---|---|
| Product | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups (d68ffe45-6c88-561a-b527-b807660503bc) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-1165 |
vulnerable | 2026-06-03 15:14:43.869199 |
Popup Box <= 6.1.1 - Cross-Site Request Forgery to Popup Status Change
MEDIUM (4.3)
The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish_unpublish_popupbox' function that verifies a self-created nonce rather than one submitted in the request. This makes it possible for unauthenticated attackers to change the publish status of popups via a forged request, granted they can trick a site administrator into performing an action such as clicking a link.
Published: 2026-01-31T14:22:29.035Z
Updated: 2026-04-08T16:54:35.031Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3897 |
vulnerable | 2026-06-03 14:56:32.307930 |
Popup Box – Best WordPress Popup Plugin <= 4.3.6 - Missing Authorization to Information Exposure
MEDIUM (5.3)
The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all emails registered on the website.
Published: 2024-05-02T16:52:48.240Z
Updated: 2026-04-08T17:30:18.726Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10861 |
vulnerable | 2026-06-03 14:54:12.763426 |
Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 - Missing Authorization to Unauthenticated Limited Options Update
MEDIUM (5.3)
The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 4.9.7. This makes it possible for unauthenticated attackers to update the 'ays_pb_upgrade_plugin' option with arbitrary data.
Published: 2024-11-16T02:02:31.802Z
Updated: 2026-04-08T17:20:23.454Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.