CVE-2022-4716 — CVSS 5.4 (medium): The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in…
CVE-2023-1905 — CVSS 5.4 (medium): The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before…