Skip to main content

Popup Builder

18 CVEs product

Monthly

CVE-2024-9428 MEDIUM POC This Month

The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-2541 MEDIUM This Month

The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the Subscribers Import feature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Popup Builder
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-3602 MEDIUM This Month

The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers - Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Popup Builder
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-3236 MEDIUM POC This Month

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-2544 HIGH PATCH This Week

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass XSS Popup Builder
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2023-6696 HIGH PATCH This Week

The Popup Builder - Create highly converting, mobile friendly marketing popups. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress SSRF Popup Builder
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-6000 MEDIUM POC THREAT This Month

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.0%.

XSS WordPress Popup Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
64.0%
Threat
4.6
CVE-2023-3226 MEDIUM POC This Month

The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-29495 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress Popup Builder
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-32289 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress Popup Builder
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-1894 MEDIUM POC This Month

The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Popup Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0479 CRITICAL POC PATCH THREAT Act Now

The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS SQLi WordPress Popup Builder
NVD WPScan
CVSS 3.1
9.8
EPSS
44.1%
CVE-2022-0228 HIGH POC This Week

The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Popup Builder
NVD WPScan
CVSS 3.1
7.2
EPSS
5.9%
CVE-2021-24152 MEDIUM This Month

The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Popup Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-10196 MEDIUM POC This Month

An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Popup Builder
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-10195 MEDIUM POC This Month

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Privilege Escalation Information Disclosure Popup Builder
NVD
CVSS 3.1
6.3
EPSS
1.1%
CVE-2020-9006 CRITICAL POC Act Now

The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress RCE SQLi PHP +1
NVD
CVSS 3.1
9.8
EPSS
8.6%
CVE-2019-14695 CRITICAL Act Now

A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress PHP Popup Builder
NVD
CVSS 3.1
9.8
EPSS
2.7%
EPSS 0% CVSS 4.8
MEDIUM POC This Month

The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Builder
NVD WPScan
EPSS 1% CVSS 5.3
MEDIUM This Month

The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the Subscribers Import feature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Popup Builder
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers - Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Popup Builder
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Builder
NVD WPScan
EPSS 0% CVSS 7.4
HIGH PATCH This Week

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass XSS +1
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

The Popup Builder - Create highly converting, mobile friendly marketing popups. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress SSRF +1
NVD
EPSS 64% 4.6 CVSS 6.1
MEDIUM POC THREAT This Month

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.0%.

XSS WordPress Popup Builder
NVD WPScan
EPSS 0% CVSS 4.8
MEDIUM POC This Month

The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Builder
NVD WPScan
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress Popup Builder
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress Popup Builder
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Popup Builder
NVD WPScan
EPSS 44% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS SQLi WordPress +1
NVD WPScan
EPSS 6% CVSS 7.2
HIGH POC This Week

The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Popup Builder
NVD WPScan
EPSS 1% CVSS 6.1
MEDIUM This Month

The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Popup Builder
NVD WPScan
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP +1
NVD
EPSS 1% CVSS 6.3
MEDIUM POC This Month

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Privilege Escalation +2
NVD
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress RCE +3
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy