Essentialplugin Popup Anything — known CVE vulnerabilities
Every CVE whose affected-product data names Essentialplugin Popup Anything, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2022-2115 — CVSS 6.1 (medium): The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page…
CVE-2021-24883 — CVSS 5.4 (medium): The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users…
CVE-2022-38077 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead…