Wow-company Modal Window — known CVE vulnerabilities
Every CVE whose affected-product data names Wow-company Modal Window, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-25051 — CVSS 8.8 (high): The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension…
CVE-2024-43346 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wow-Company Modal Window…
CVE-2025-0897 — CVSS 6.4 (medium): The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…
CVE-2023-5161 — CVSS 6.4 (medium): The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5…
CVE-2024-2457 — CVSS 6.4 (medium): The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…
CVE-2024-3472 — CVSS 5.9 (medium): The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to…