Skip to main content

Wp Popup Builder

3 CVEs product

Monthly

CVE-2024-9061 CRITICAL POC PATCH THREAT Act Now

The The WP Popup Builder - Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Authentication Bypass Code Injection WordPress RCE Wp Popup Builder
NVD
CVSS 3.1
9.8
EPSS
51.3%
CVE-2022-2405 MEDIUM POC This Month

The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Popup Builder
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-2404 MEDIUM POC This Month

The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Popup Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
EPSS 51% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The The WP Popup Builder - Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Authentication Bypass Code Injection WordPress +2
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Popup Builder
NVD WPScan
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Popup Builder
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy