ByteOS Network

grimmdude

Source -

CNANVD

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2024-8547

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.4||MEDIUM

EPSS-0.23% / 45.30%

7 Day CHG~0.00%

Published-28 Sep, 2024 | 02:04

Updated-08 Apr, 2026 | 17:19

Simple Popup Plugin <= 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor-garrettgrimm grimmdude

Product-simple_popup_plugin Simple Popup Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24416

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.8||MEDIUM

EPSS-0.09% / 25.90%

7 Day CHG~0.00%

Published-23 Feb, 2024 | 11:32

Updated-28 Apr, 2026 | 19:19

WordPress All In One Favicon Plugin <= 4.7 is vulnerable to Arbitrary File Deletion

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arne Franken All In One Favicon.This issue affects All In One Favicon: from n/a through 4.7.

Vendor-grimmdude Arne Franken

Product-all_in_one_favicon All In One Favicon

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')