CVE-2019-25744

WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the posttitle parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads...

WordPress Popup Box - Easily Create WordPress Popups plugin <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Popup Box - Easily Create WordPress Popups plugin = 3.2.12 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Popup Box versions = 3.2.12...

CVE-2026-24998

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through = 7.8.9.2...

CVE-2026-24998

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through = 7.8.9.2...

CVE-2026-24998

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through = 7.8.9.2...

CVE-2026-24998 WordPress Hustle plugin <= 7.8.9.2 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through = 7.8.9.2...

PT-2026-6243

Name of the Vulnerable Software and Affected Versions Hustle versions through 7.8.9.2 Description A flaw exists in the wordpress-popup component of WPMU DEV - Your All-in-One WordPress Platform Hustle that allows the retrieval of embedded sensitive data. This could lead to an exposure of sensitiv...

EUVD-2025-36037

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through = 1.3.6...

PT-2025-43780

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through = 1.3.6...

EUVD-2022-34577

Malicious code in bioql PyPI...

CVE-2025-48363 WordPress Popup for CF7 with Sweet Alert plugin <= 1.6.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Metin Saraç Popup for CF7 with Sweet Alert allows Cross Site Request Forgery. This issue affects Popup for CF7 with Sweet Alert: from n/a through 1.6.5...

CVE-2025-54683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Astoundify WP Modal Popup with Cookie Integration wp-modal-popup-with-cookie-integration allows Reflected XSS.This issue affects WP Modal Popup with Cookie Integration: from n/a through = 2.4...

CVE-2025-54683

CVE-2025-54683 is a WordPress plugin vulnerability in the Astoundify WP Modal Popup with Cookie Integration (≤ 2.4) that enables a reflected Cross-Site Scripting (XSS) due to improper input neutralization during web page generation. Affected product/version: WP Modal Popup with Cookie Integration...

CVE-2025-53279

CVE-2025-53279 is a DOM-based XSS vulnerability in the Popup addon for Ninja Forms, caused by improper input neutralization during web page generation. Affected: Popup addon for Ninja Forms (versions up to 3.4). Impact and exploitability are described in public sources as XSS; CVSS details are pr...

CVE-2022-4125

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well...

CVE-2025-46230 WordPress Popup Builder plugin <= 1.1.35 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in GhozyLab Popup Builder easy-notify-lite allows PHP Local File Inclusion.This issue affects Popup Builder: from n/a through = 1.1.35...

CVE-2025-26882 WordPress Popup Builder plugin <= 1.1.33 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Popup Builder easy-notify-lite allows Stored XSS.This issue affects Popup Builder: from n/a through = 1.1.33...

WordPress Popup Builder Plugin < 4.2.6 Authenticated (Admin+) SSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sygnoos:popupbuilder"; if description...

CVE-2025-24746 WordPress Popup Maker plugin <= 1.20.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Iser Popup Maker popup-maker allows Stored XSS.This issue affects Popup Maker: from n/a through = 1.20.2...

WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Khang Duong in WordPress Plugin Popup Box versions = 3.2.4...