← Back

Essentialplugin

essentialplugin

9 CVEs • 7 products

Products (7)

Click to collapse
Toggle
Popup Anything
popup_anything
3 CVEs
Download Post Category Image With Grid And Slider
download_post_category_image_with_grid_and_slider
1 CVE
Wp Blog And Widget
wp_blog_and_widget
1 CVE
Product Slider And Carousel With Category With Woocommerce
product_slider_and_carousel_with_category_with_woocommerce
1 CVE
Hero Banner Ultimate
hero_banner_ultimate
1 CVE
Audio Player With Playlist Ultimate
audio_player_with_playlist_ultimate
1 CVE
Album And Image Gallery Plus Lightbox
album_and_image_gallery_plus_lightbox
1 CVE

CVEs (9)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-4194
1Essentialplugin
1Album And Image Gallery Plus Lightbox
Jun 17, 2026
Jun 6, 2024
N/A· v4
7.3 HIGH· v3
N/A· v2
The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action...Show more
The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.Show less
CVE-2023-38516
1Essentialplugin
1Audio Player With Playlist Ultimate
Jun 17, 2026
Sep 3, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Audio Player with Playlist Ultimate plugin <= 1.2.2 versions.
CVE-2022-45818
1Essentialplugin
1Hero Banner Ultimate
Jun 17, 2026
May 4, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin <= 1.3.4 versions.
CVE-2022-38077
1Essentialplugin
1Popup Anything
Jun 17, 2026
Mar 29, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions.
CVE-2022-4791
1Essentialplugin
1Product Slider And Carousel With Category With Woocommerce
Jun 17, 2026
Feb 21, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform...Show more
The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.Show less
CVE-2022-4824
1Essentialplugin
1Wp Blog And Widget
Jun 17, 2026
Feb 6, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to pe...Show more
The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.Show less
CVE-2022-4747
1Essentialplugin
1Download Post Category Image With Grid And Slider
Jun 17, 2026
Feb 6, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low...Show more
The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.Show less
CVE-2022-2115
1Essentialplugin
1Popup Anything
Jun 17, 2026
Jul 25, 2022
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting
CVE-2021-24883
1Essentialplugin
1Popup Anything
Jun 17, 2026
Nov 29, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks