Browse all 3 CVE security advisories affecting Popup Box Team. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Popup Box Team develops web-based popup and notification solutions for websites. Historically, their products have been vulnerable to cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from improper input validation and insecure default configurations. The team has addressed multiple CVEs, including critical RCE vulnerabilities in their JavaScript libraries that allowed attackers to execute arbitrary code on vulnerable sites. Their security posture has shown improvement over time, though legacy versions remain at risk. No major public security incidents have been documented, but the consistent pattern of vulnerabilities in their core functionality suggests ongoing challenges in secure coding practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-37096 | WordPress Popup box plugin <= 4.5.1 - Broken Access Control vulnerability — Popup boxCWE-862 | 4.3 | Medium | 2024-11-01 |
| CVE-2024-34367 | WordPress Popup Box plugin <= 4.1.2 - CSRF to XSS vulnerability — Popup boxCWE-352 | 7.1 | High | 2024-05-06 |
| CVE-2023-27414 | WordPress Popup box Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS) — Popup boxCWE-79 | 7.1 | High | 2023-06-21 |
This page lists every published CVE security advisory associated with Popup Box Team. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.