CVE-2024-9061

The CVE CVE-2024-9061 affects the WordPress plugin WP Popup Builder – Popup Forms and Marketing Lead Generation. It allows unauthenticated users to perform arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to 1.3.5, due to inadequate validation ...

CVE-2022-2404

The CVE-2022-2404 entry concerns the WP Popup Builder WordPress plugin prior to 1.2.9. Affected component: the plugin’s handling of a parameter in page output. Root cause: failure to sanitize and escape the parameter before reflecting it in the page, leading to a Reflected Cross-Site Scripting vu...

CVE-2022-2405

CVE-2022-2405 affects the WordPress WP Popup Builder plugin (versions prior to 1.2.9). The flaw is an authorization and CSRF weakness in an AJAX action, enabling any authenticated user (e.g., subscribers) to delete arbitrary popups. Affected component is the plugin’s AJAX endpoint lacking proper ...

CVE-2025-62902

CVE-2025-62902 describes a vulnerability in the WordPress plugin WP Popup Builder (wp-popup-builder) where sensitive system information can be exposed to an unauthorized control sphere, enabling retrieval of embedded sensitive data. Affected pages indicate the issue affects WP Popup Builder versi...