CVE-2019-25744

WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the posttitle parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads...

EUVD-2025-36037

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through = 1.3.6...

PT-2025-43780

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through = 1.3.6...

CVE-2025-46230 WordPress Popup Builder plugin <= 1.1.35 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in GhozyLab Popup Builder easy-notify-lite allows PHP Local File Inclusion.This issue affects Popup Builder: from n/a through = 1.1.35...

CVE-2025-26882 WordPress Popup Builder plugin <= 1.1.33 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Popup Builder easy-notify-lite allows Stored XSS.This issue affects Popup Builder: from n/a through = 1.1.33...

WordPress Popup Builder Plugin < 4.2.6 Authenticated (Admin+) SSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sygnoos:popupbuilder"; if description...

CVE-2024-2541

The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via...

WordPress Popup Builder Plugin <= 4.3.4 is vulnerable to Sensitive Data Exposure

Software Popup Builder Type Plugin Vulnerable versions = 4.3.4 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2541 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6c83b1e3c00b Credits Tim Coen Required privilege...

CVE-2024-6555 WP Popups – WordPress Popup builder <= 2.2.0.1 - Unauthenticated Full Path Disclosure

The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to...

WordPress Popup Builder Plugin <= 4.3.1 is vulnerable to Broken Access Control

Software Popup Builder Type Plugin Vulnerable versions = 4.3.1 Fixed in 4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6696 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 7eeb41bcfcb3 Credits Lucio Sá Required privilege...

WordPress Popup Builder Plugin <= 4.3.0 is vulnerable to Broken Access Control

Software Popup Builder Type Plugin Vulnerable versions = 4.3.0 Fixed in 4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2544 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 4d2b92dba351 Credits Alex Thomas Required...

WordPress Popup Builder Plugin <= 4.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions = 4.2.7 Fixed in 4.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2506 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5081e1f78a97 Credits Tim Coen Required privileg...

WordPress Popup Builder Plugin < 1.1.33 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions 1.1.33 Fixed in 1.1.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3236 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c56e5abe41cb Credits Eunho Kim Required privile...

WordPress plugin Popup Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Popup Builder Plugin <= 1.1.29 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions = 1.1.29 Fixed in 1.1.30 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34567 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 42654a589b9a Credits Rayhan Ramdhany Hanaputra Required...

WordPress Popup Builder Plugin <= 4.2.6 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions = 4.2.6 Fixed in 4.2.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30184 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID be71da5ede09 Credits LVT-tholv2k Required privilege Contribut...

WordPress Popup Builder Plugin < 4.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions 4.2.3 Fixed in 4.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6000 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 14212aacf7f9 Credits Marc Montpas Required...

WordPress Popup Builder Plugin < 4.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions 4.2.2 Fixed in 4.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3226 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3861c79d8ad1 Credits Dipak Panchal th3.d1pak...

WP Popup Builder < 1.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC The custom-popup parameter needs to be the ID of an existing popup https://example.com/wp-admin/admin.php?page=wppb&pos-name;=xxx"...

WordPress Popup Builder Plugin <= 4.1.11 CSRF Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...