14 matches found
CVE-2019-17574
The CVE concerns the WordPress Popup Maker plugin prior to version 1.8.13. An unauthenticated attacker can partially control the arguments passed to the do_action function to invoke certain popmake_ or pum_ methods, demonstrated by manipulation of the popmake-system-info.txt “support debug text f...
CVE-2024-47358
CVE-2024-47358 is a Broken Access Control vulnerability in WordPress Popup Maker plugin versions up to 1.19.2, enabling unauthenticated access to functionality constrained by ACLs. Patchstack confirms vulnerable range <= 1.19.2 and fixes applied in 1.20.0. The CVE entry centers on missing auth...
CVE-2022-1104
CVE-2022-1104 affects the WordPress Popup Maker plugin (pre-1.16.5). The vulnerability arises from insufficient sanitisation/escaping of certain Popup settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Connected advisorie...
CVE-2022-3690
CVE-2022-3690 affects the WordPress Popup Maker plugin for versions prior to 1.16.11. The issue is a stored XSS vulnerability caused by not sanitising and escaping certain popup options, allowing a user with Contributor+ privileges to inject code that could affect admins. Exploitation details and...
CVE-2017-2284
CVE-2017-2284 affects the WordPress Popup Maker plugin. A cross-site scripting vulnerability exists in Popup Maker prior to version 1.6.5. The public details describe a reflected/unspecified-XSS risk that could allow injection of arbitrary scripts in pages processed by the plugin, potentially aff...
CVE-2024-2336
CVE-2024-2336 affects the WordPress plugin Popup Maker – Popup for opt-ins, lead gen, & more. All versions up to 1.18.2 are vulnerable to Stored Cross-Site Scripting via shortcode attributes due to insufficient input sanitization/output escaping. Exploitation requires contributor-level privileges...
CVE-2025-24746
CVE-2025-24746 is a stored Cross-Site Scripting vulnerability in the WordPress plugin Popup Maker (versions
CVE-2022-4381
CVE-2022-4381 affects the WordPress plugin Popup Maker prior to version 1.16.9. The root cause is failure to validate and escape a shortcode attribute, enabling Stored Cross-Site Scripting (XSS) where users with as low as contributor role can inject scripts. This yields potential for stored paylo...
CVE-2022-4362
CVE-2022-4362 affects the Popup Maker WordPress plugin prior to 1.16.9. The root cause is failure to validate and escape one shortcode attribute, enabling Stored XSS for users with as low as contributor. Impact per sources: potential Stored XSS with confidentiality/integrity impact, CVSSv3.1 base...
CVE-2024-10583
CVE-2024-10583: The Popup Maker – Boost Sales, Conversions, Optins, Subscribers plugin for WordPress is vulnerable to Stored XSS via the post_title parameter in all versions up to 1.20.2 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (Contributor le...
CVE-2024-7054
CVE-2024-7054 affects the Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress. It is a Stored Cross-Site Scripting (XSS) vulnerability in the close_text parameter, exploitable in all versions up to and including 1.19.0 due to insuff...
CVE-2022-45819
CVE-2022-45819 affects the WordPress Popup Maker plugin up to version 1.17.1. Root cause: broken access control due to missing authorization checks. Impact: the missing authorization could lead to unauthorized access to plugin functionality (low severity, CVSSv3.1 base score 3.5). Exploitat...
CVE-2024-5561
CVE-2024-5561 affects the Popup Maker WordPress plugin (pre-1.19.1). The issue arises because the plugin does not sanitize and escape certain settings, enabling stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multisite). Red Hat and OSV entri...
CVE-2022-47597
CVE-2022-47597 affects the WordPress plugin Popup Maker (Popup for opt-ins, lead gen, & more) up to version 1.17.1. Multiple sources confirm an information disclosure vulnerability where sensitive data could be exposed to unauthenticated actors. NVD scores it CVSS v3.1 at 7.5 (High) wit...