CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

548 matches found

Popup Builder < 4.0.7 - SQL Injection

The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection. id: CVE-2022-0228 info: name: Popup Builder 4.0.7 -...

7.2CVSS7.2AI score0.04161EPSS

Exploits2References4

Nuclei•added 6 hours ago•7 views

WordPress Popup Builder < 4.0.7 - Remote Code Execution

Popup Builder WordPress plugin before 4.0.7 contains a local file inclusion caused by unsanitized 'sgpbtype' parameter in require statement, letting attackers include arbitrary local files or execute code via wrappers like PHAR, exploit requires attacker to control 'sgpbtype' parameter. id:...

8.8CVSS7.9AI score0.2966EPSS

Exploits2References2

Nuclei•added 6 hours ago•18 views

WP Popup Builder Popup Forms and Marketing Lead Generation <= 1.3.5 - Arbitrary Shortcode Execution

The The WP Popup Builder Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpajaxnoprivshortcodeApiAdd AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that...

9.8CVSS6AI score0.89EPSS

Exploits1References3

Nuclei•added yesterday•26 views

Popup Builder Plugin - SQL Injection and Cross-Site Scripting

The Popup Builder WordPress plugin before 4.1.1 is vulnerable to SQL Injection and Reflected XSS via the sgpb-subscription-popup-id parameter. id: CVE-2022-0479 info: name: Popup Builder Plugin - SQL Injection and Cross-Site Scripting author: ritikchaddha severity: critical description: | The Pop...

9.8CVSS8AI score0.76374EPSS

Exploits2

Nuclei•added 2 days ago•9 views

WordPress Popup Builder <= 4.2.3 - Unauthenticated Stored XSS

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. id: CVE-2023-6000 info: name: WordPress Popup Builder = 4.2.3 - Unauthenticated Stored XSS author: riteshs4...

6.1CVSS7.2AI score0.69124EPSS

Exploits4References4

Nuclei•added 2 days ago•22 views

Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection

The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.This makes ...

7.5CVSS8.1AI score0.47524EPSS

Exploits6References5

NVD•added 6 days ago•4 views

CVE-2019-25744

WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the posttitle parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads...

5.4CVSS0.0003EPSS

Exploits0References4

Vulnrichment•added 6 days ago•5 views

CVE-2019-25744 WordPress Popup Builder 3.49 Persistent Cross-Site Scripting

5.4CVSS5.7AI score0.0003EPSS

Exploits0References4

Cvelist•added 6 days ago•29 views

CVE-2019-25744 WordPress Popup Builder 3.49 Persistent Cross-Site Scripting

5.4CVSS0.0003EPSS

Exploits0References4

ATTACKERKB•added 6 days ago•5 views

CVE-2019-25744

6.4CVSS5.7AI score0.0003EPSS

Exploits0References4Affected Software1

EUVD•added 6 days ago•4 views

EUVD-2019-20180

6.4CVSS5.7AI score0.0003EPSS

Exploits0References4

CVE•added 6 days ago•7 views

CVE-2019-25744

The CVE-2019-25744 entry concerns WordPress Popup Builder 3.49, which is vulnerable to a persistent cross-site scripting (XSS) flaw. The affected component is the post_title parameter, where an attacker can break out of option tags and craft POST requests to the post.php endpoint with a script pa...

5.4CVSS5.7AI score0.0003EPSS

Exploits0References4

Positive Technologies•added 6 days ago•7 views

PT-2026-46214

WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post title parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payload...

6.4CVSS5.7AI score0.0003EPSS

Exploits0References5

RedhatCVE•added 2026/04/29 2:48 p.m.•2 views

CVE-2026-39666

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popup Builder: from n/a through = 1.5.1...

6.5CVSS5.2AI score0.00039EPSS

Exploits0References1

NVD•added 2026/04/08 9:16 a.m.•3 views

CVE-2026-39666

6.5CVSS0.00039EPSS

Exploits0References1

CVE•added 2026/04/08 8:30 a.m.•6 views

CVE-2026-39666

The CVE concerns the WordPress plugin Hello Bar Popup Builder by telepathy, affected versions are up to and including 1.5.1. It reports a DOM-Based XSS due to improper input neutralization during web page generation, enabling cross-site scripting. Impact is described as Cross-Site Scripting with ...

6.5CVSS5.9AI score0.00039EPSS

Exploits0References1

Cvelist•added 2026/04/08 8:30 a.m.•21 views

CVE-2026-39666 WordPress Hello Bar Popup Builder plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

6.5CVSS0.00039EPSS

Exploits0References1

ATTACKERKB•added 2026/04/08 8:30 a.m.•3 views

CVE-2026-39666

5.9AI score0.00039EPSS

Exploits0References2

Vulnrichment•added 2026/04/08 8:30 a.m.•3 views

CVE-2026-39666 WordPress Hello Bar Popup Builder plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability