Modal Window

modal_window

Vendor: Wow Company • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-0897 1Wow Company 1Modal Window Feb 25, 2025 Feb 20, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input...Show more The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2025-24717 1Wow Company 1Modal Window Apr 23, 2026 Jan 24, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window modal-window allows Cross Site Request Forgery.This issue affects Modal Window: from n/a through <= 6.1.4.
CVE-2024-43346 1Wow Company 1Modal Window Jul 10, 2025 Aug 18, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3.
CVE-2024-3472 1Wow Company 1Modal Window May 8, 2025 May 2, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack
CVE-2024-2457 1Wow Company 1Modal Window Apr 8, 2026 Apr 9, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitizat...Show more The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2023-5161 1Wow Company 1Modal Window Apr 8, 2026 Sep 27, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attrib...Show more The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2021-25051 1Wow Company 1Modal Window Nov 21, 2024 Jan 10, 2022 N/A· v4 8.8 HIGH· v3 5.1 MEDIUM· v2 The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.