← Back

Popup Anything

popup_anything

Vendor: Essentialplugin • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-38077
1Essentialplugin
1Popup Anything
Jun 17, 2026
Mar 29, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions.
CVE-2022-2115
1Essentialplugin
1Popup Anything
Jun 17, 2026
Jul 25, 2022
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting
CVE-2021-24883
1Essentialplugin
1Popup Anything
Jun 17, 2026
Nov 29, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks