← Back

Wow Company

wow-company

43 CVEs • 20 products

Products (20)

Click to collapse
Toggle
Modal Window
modal_window
7 CVEs
Counter Box
counter_box
6 CVEs
Button Generator
button_generator
5 CVEs
Wp Coder
wp_coder
5 CVEs
Herd Effects
herd_effects
4 CVEs
Bubble Menu
bubble_menu
3 CVEs
Float Menu
float_menu
3 CVEs
Side Menu Lite
side_menu_lite
3 CVEs
Sticky Buttons
sticky_buttons
3 CVEs
Floating Button
floating_button
2 CVEs
Popup Box
popup_box
2 CVEs
Wow Skype Buttons
wow_skype_buttons
2 CVEs
Viral Signup
viral_signup
2 CVEs
Wow Forms
wow_forms
1 CVE
Wpcalc
wpcalc
1 CVE
Wow Countdowns
wow_countdowns
1 CVE
Hover Effects
hover_effects
1 CVE
Calculator Builder
calculator-builder
1 CVE
Easy Digital Downloads
easy_digital_downloads
1 CVE
Woocommerce Recent Purchases
woocommerce_-_recent_purchases
1 CVE

CVEs (43)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-13901
1Wow Company
1Counter Box
May 26, 2025
Mar 1, 2025
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and includ...Show more
The Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.Show less
CVE-2025-0897
1Wow Company
1Modal Window
Feb 25, 2025
Feb 20, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input...Show more
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2025-24717
1Wow Company
1Modal Window
Apr 23, 2026
Jan 24, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window modal-window allows Cross Site Request Forgery.This issue affects Modal Window: from n/a through <= 6.1.4.
CVE-2025-24715
1Wow Company
1Counter Box
Apr 23, 2026
Jan 24, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box counter-box allows Cross Site Request Forgery.This issue affects Counter Box: from n/a through <= 2.0.5.
CVE-2024-6926
1Wow Company
1Viral Signup
Oct 7, 2024
Sep 4, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
CVE-2024-6927
1Wow Company
1Viral Signup
Oct 7, 2024
Aug 29, 2024
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter...Show more
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2024-43346
1Wow Company
1Modal Window
Jul 10, 2025
Aug 18, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3.
CVE-2024-35634
1Wow Company
1Woocommerce Recent Purchases
Nov 21, 2024
Jun 4, 2024
N/A· v4
4.9 MEDIUM· v3
N/A· v2
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wow-Company Woocommerce – Recent Purchases allows PHP Local File Inclusion.This issue affects Woocommerce – Recent Purchases...Show more
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wow-Company Woocommerce – Recent Purchases allows PHP Local File Inclusion.This issue affects Woocommerce – Recent Purchases: from n/a through 1.0.1.Show less
CVE-2024-35629
1Wow Company
1Easy Digital Downloads
Nov 21, 2024
Jun 4, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue a...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2.Show less
CVE-2024-3481
1Wow Company
1Counter Box
May 8, 2025
May 2, 2024
N/A· v4
5.2 MEDIUM· v3
N/A· v2
The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks
CVE-2024-3478
1Wow Company
1Herd Effects
May 8, 2025
May 2, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks
CVE-2024-3477
1Wow Company
1Popup Box
May 8, 2025
May 2, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks
CVE-2024-3476
1Wow Company
1Side Menu Lite
May 8, 2025
May 2, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks
CVE-2024-3475
1Wow Company
1Sticky Buttons
May 8, 2025
May 2, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks
CVE-2024-3474
1Wow Company
1Wow Skype Buttons
Mar 25, 2025
May 2, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks
CVE-2024-3472
1Wow Company
1Modal Window
May 8, 2025
May 2, 2024
N/A· v4
5.9 MEDIUM· v3
N/A· v2
The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack
CVE-2024-3471
1Wow Company
1Button Generator
May 8, 2025
May 2, 2024
N/A· v4
3.4 LOW· v3
N/A· v2
The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack
CVE-2024-2405
1Wow Company
1Float Menu
May 8, 2025
May 2, 2024
N/A· v4
4.5 MEDIUM· v3
N/A· v2
The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack.
CVE-2024-2457
1Wow Company
1Modal Window
Apr 8, 2026
Apr 9, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitizat...Show more
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2024-2578
1Wow Company
1Wp Coder
Apr 28, 2026
Mar 21, 2024
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPCoder WP Coder allows Stored XSS.This issue affects WP Coder: from n/a through 3.5.