CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

536 matches found

Popup Builder < 4.0.7 - SQL Injection

The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection. id: CVE-2022-0228 info: name: Popup Builder 4.0.7 -...

7.2CVSS7.1AI score0.04161EPSS

Exploits2References4

Nuclei•added 16 hours ago•8 views

WordPress Popup Builder <= 4.2.3 - Unauthenticated Stored XSS

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. id: CVE-2023-6000 info: name: WordPress Popup Builder = 4.2.3 - Unauthenticated Stored XSS author: riteshs4...

6.1CVSS7.1AI score0.69124EPSS

Exploits4References4

Nuclei•added 16 hours ago•5 views

WordPress Popup Builder < 4.0.7 - Remote Code Execution

Popup Builder WordPress plugin before 4.0.7 contains a local file inclusion caused by unsanitized 'sgpbtype' parameter in require statement, letting attackers include arbitrary local files or execute code via wrappers like PHAR, exploit requires attacker to control 'sgpbtype' parameter. id:...

8.8CVSS7.6AI score0.2966EPSS

Exploits2References2

Nuclei•added yesterday•23 views

Popup Builder Plugin - SQL Injection and Cross-Site Scripting

The Popup Builder WordPress plugin before 4.1.1 is vulnerable to SQL Injection and Reflected XSS via the sgpb-subscription-popup-id parameter. id: CVE-2022-0479 info: name: Popup Builder Plugin - SQL Injection and Cross-Site Scripting author: ritikchaddha severity: critical description: | The Pop...

9.8CVSS7.4AI score0.76374EPSS

Exploits2

Nuclei•added yesterday•17 views

WP Popup Builder Popup Forms and Marketing Lead Generation <= 1.3.5 - Arbitrary Shortcode Execution

The The WP Popup Builder Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpajaxnoprivshortcodeApiAdd AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that...

9.8CVSS6.2AI score0.89EPSS

Exploits1References3

Nuclei•added yesterday•19 views

Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection

The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.This makes ...

7.5CVSS7.3AI score0.52383EPSS

Exploits6References5

RedhatCVE•added 2026/04/29 2:48 p.m.•1 views

CVE-2026-39666

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popup Builder: from n/a through = 1.5.1...

6.5CVSS5.2AI score0.00039EPSS

Exploits0References1

NVD•added 2026/04/08 9:16 a.m.•2 views

CVE-2026-39666

6.5CVSS0.00039EPSS

Exploits0References1

CVE•added 2026/04/08 8:30 a.m.•4 views

CVE-2026-39666

The CVE concerns the WordPress plugin Hello Bar Popup Builder by telepathy, affected versions are up to and including 1.5.1. It reports a DOM-Based XSS due to improper input neutralization during web page generation, enabling cross-site scripting. Impact is described as Cross-Site Scripting with ...

6.5CVSS5.9AI score0.00039EPSS

Exploits0References1

Cvelist•added 2026/04/08 8:30 a.m.•19 views

CVE-2026-39666 WordPress Hello Bar Popup Builder plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

6.5CVSS0.00039EPSS

Exploits0References1

ATTACKERKB•added 2026/04/08 8:30 a.m.•1 views

CVE-2026-39666

5.9AI score0.00039EPSS

Exploits0References2

Vulnrichment•added 2026/04/08 8:30 a.m.•2 views

CVE-2026-39666 WordPress Hello Bar Popup Builder plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

6.5CVSS5.9AI score0.00039EPSS

Exploits0References1

Positive Technologies•added 2026/04/08 12:0 a.m.•3 views

PT-2026-31228

6.5CVSS5.9AI score0.00039EPSS

Exploits0References4

CNNVD•added 2026/04/08 12:0 a.m.•2 views

WordPress plugin Hello Bar Popup Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.7AI score0.00039EPSS

Exploits0References1

Patchstack•added 2026/03/19 10:51 p.m.•2 views

WordPress Instant Popup Builder plugin <= 1.1.7 - Unauthenticated Arbitrary Shortcode Execution via 'token' Parameter vulnerability

Unauthenticated Arbitrary Shortcode Execution via 'token' Parameter vulnerability discovered by theviper17y in WordPress Plugin Instant Popup Builder versions = 1.1.7...

5.3CVSS5.8AI score0.00089EPSS

Exploits0References1Affected Software1

EUVD•added 2026/03/19 9:30 a.m.•2 views

EUVD-2026-13074

The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode Execution in all versions up to and including 1.1.7. This is due to the handleemailverificationpage function constructing a shortcode string from user-supplied GET parameters token, email and passi...

5.3CVSS6.1AI score0.00089EPSS

Exploits0References7

NVD•added 2026/03/19 8:16 a.m.•2 views

CVE-2026-3475

5.3CVSS0.00089EPSS

Exploits0References6

CVE•added 2026/03/19 7:34 a.m.•7 views

CVE-2026-3475

CVE-2026-3475 affects the WordPress plugin Instant Popup Builder (

5.3CVSS6.1AI score0.00089EPSS

Exploits0References6

ATTACKERKB•added 2026/03/19 7:34 a.m.•2 views