essentialplugin CVE Vulnerabilities & Metrics

Focus on essentialplugin vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About essentialplugin Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with essentialplugin. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total essentialplugin CVEs: 6
Earliest CVE date: 29 Nov 2021, 09:15 UTC
Latest CVE date: 06 Jun 2024, 02:15 UTC

Latest CVE reference: CVE-2024-4194

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -66.67%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -66.67%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical essentialplugin CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.58

Max CVSS: 3.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS essentialplugin CVEs

These are the five CVEs with the highest CVSS scores for essentialplugin, sorted by severity first and recency.

CVE-2021-24883 essentialplugin Published on 29 Nov 2021, 09:15 UTC (CVSS: 3.5)
The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks
CVE-2024-4194 essentialplugin Published on 06 Jun 2024, 02:15 UTC (CVSS: 0)
The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVE-2023-38516 essentialplugin Published on 03 Sep 2023, 12:15 UTC (CVSS: 0)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Audio Player with Playlist Ultimate plugin <= 1.2.2 versions.
CVE-2022-45818 essentialplugin Published on 04 May 2023, 13:15 UTC (CVSS: 0)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin <= 1.3.4 versions.
CVE-2022-38077 essentialplugin Published on 29 Mar 2023, 13:15 UTC (CVSS: 0)
Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions.

All CVEs for essentialplugin

CVE-2024-4194 essentialplugin vulnerability CVSS: 0 06 Jun 2024, 02:15 UTC

The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

CVE-2023-38516 essentialplugin vulnerability CVSS: 0 03 Sep 2023, 12:15 UTC

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Audio Player with Playlist Ultimate plugin <= 1.2.2 versions.

CVE-2022-45818 essentialplugin vulnerability CVSS: 0 04 May 2023, 13:15 UTC

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin <= 1.3.4 versions.

CVE-2022-38077 essentialplugin vulnerability CVSS: 0 29 Mar 2023, 13:15 UTC

Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions.

CVE-2022-2115 essentialplugin vulnerability CVSS: 0 25 Jul 2022, 13:15 UTC

The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting

CVE-2021-24883 essentialplugin vulnerability CVSS: 3.5 29 Nov 2021, 09:15 UTC

The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks