Popup Builder@* Security Vulnerabilities and Issues — Popup Builder@* CVE List

Lucene search

SygnoosPopup Builder*

3 matches found

CVE•added 2020/02/17 3:15 p.m.•100 views

CVE-2020-9006

The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator ac...

9.8CVSS10AI score0.41252EPSS

CVE•added 2020/03/13 4:15 p.m.•88 views

CVE-2020-10196

An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several of ...

6.1CVSS6.4AI score0.00229EPSS

CVE•added 2020/03/13 4:15 p.m.•79 views

CVE-2020-10195

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (sub...

6.5CVSS6.5AI score0.00461EPSS