Lucene search

6 matches found

cve
added 2022/02/21 11:15 a.m. | 159 views

CVE-2022-0228

The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection

CVSS 7.2 | AI score 7.1 | EPSS 0.07048

cve
added 2022/02/21 11:15 a.m. | 90 views

CVE-2021-25082

The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrapp...

CVSS 8.8 | AI score 8.6 | EPSS 0.00948

cve
added 2022/03/28 6:15 p.m. | 76 views

CVE-2022-0479

The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack agai...

CVSS 9.8 | AI score 9.2 | EPSS 0.76374

cve
added 2022/07/22 5:15 p.m. | 74 views

CVE-2022-29495

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin

CVSS 5.4 | AI score 4.6 | EPSS 0.00093

cve
added 2022/07/21 4:15 p.m. | 59 views

CVE-2022-32289

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin

CVSS 5.4 | AI score 4.7 | EPSS 0.00097

cve
added 2022/07/11 1:15 p.m. | 57 views

CVE-2022-1894

The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed.

CVSS 4.8 | AI score 4.7 | EPSS 0.00267