Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by Danish Ali Malik
CVE-2025-25118 (GCVE-0-2025-25118)
Vulnerability from cvelistv5 – Published: 2025-03-03 13:30 – Updated: 2026-04-23 14:03
VLAI?
Title
WordPress WPOptin plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows Reflected XSS.This issue affects Top Bar – PopUps – by WPOptin: from n/a through <= 2.0.8.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Danish Ali Malik | Top Bar – PopUps – by WPOptin |
Affected:
0 , ≤ 2.0.8
(custom)
|
Date Public ?
2026-04-22 14:32
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T15:59:50.468800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T17:36:16.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wpoptin",
"product": "Top Bar \u2013 PopUps \u2013 by WPOptin",
"vendor": "Danish Ali Malik",
"versions": [
{
"lessThanOrEqual": "2.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:32:15.703Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Danish Ali Malik Top Bar \u2013 PopUps \u2013 by WPOptin wpoptin allows Reflected XSS.\u003cp\u003eThis issue affects Top Bar \u2013 PopUps \u2013 by WPOptin: from n/a through \u003c= 2.0.8.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Danish Ali Malik Top Bar \u2013 PopUps \u2013 by WPOptin wpoptin allows Reflected XSS.This issue affects Top Bar \u2013 PopUps \u2013 by WPOptin: from n/a through \u003c= 2.0.8."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T14:03:37.887Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wpoptin/vulnerability/wordpress-easy-wp-tiles-plugin-1-cross-site-scripting-xss-vulnerability-7?_s_id=cve"
}
],
"title": "WordPress WPOptin plugin \u003c= 2.0.8 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-25118",
"datePublished": "2025-03-03T13:30:24.095Z",
"dateReserved": "2025-02-03T13:34:38.767Z",
"dateUpdated": "2026-04-23T14:03:37.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47645 (GCVE-0-2024-47645)
Vulnerability from cvelistv5 – Published: 2024-10-16 13:35 – Updated: 2026-04-23 13:53
VLAI?
Title
WordPress WPOptin plugin <= 2.0.1 - Local File Inclusion vulnerability
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows PHP Local File Inclusion.This issue affects Top Bar – PopUps – by WPOptin: from n/a through <= 2.0.1.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Danish Ali Malik | Top Bar – PopUps – by WPOptin |
Affected:
0 , ≤ 2.0.1
(custom)
|
Date Public ?
2026-04-22 14:36
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sajidjaved:top_bar-popups-by_wpoptin:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "top_bar-popups-by_wpoptin",
"vendor": "sajidjaved",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T15:27:47.676330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T15:29:14.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wpoptin",
"product": "Top Bar \u2013 PopUps \u2013 by WPOptin",
"vendor": "Danish Ali Malik",
"versions": [
{
"changes": [
{
"at": "2.0.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "tahu.datar | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:36:56.037Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Danish Ali Malik Top Bar \u2013 PopUps \u2013 by WPOptin wpoptin allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Top Bar \u2013 PopUps \u2013 by WPOptin: from n/a through \u003c= 2.0.1.\u003c/p\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Danish Ali Malik Top Bar \u2013 PopUps \u2013 by WPOptin wpoptin allows PHP Local File Inclusion.This issue affects Top Bar \u2013 PopUps \u2013 by WPOptin: from n/a through \u003c= 2.0.1."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "PHP Local File Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:53:11.274Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wpoptin/vulnerability/wordpress-wpoptin-plugin-2-0-1-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"title": "WordPress WPOptin plugin \u003c= 2.0.1 - Local File Inclusion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-47645",
"datePublished": "2024-10-16T13:35:10.142Z",
"dateReserved": "2024-09-30T11:17:02.622Z",
"dateUpdated": "2026-04-23T13:53:11.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}