Popup Builder – Create highly converting, mobile friendly marketing popups.

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Popup Builder – Create highly converting, mobile friendly marketing popups.

Information

Software Type Plugin
Software Slug popup-builder (view on wordpress.org)
Software Status Active
Software Author popupbuilder
Software Website popup-builder.com
Software Downloads 9,864,736
Software Active Installs 200,000
Software Record Last Updated May 2, 2024

16 Vulnerabilities

Popup Builder <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2024-30184
Mar 25, 2024
Researcher: LVT-tholv2k
Popup Builder <= 4.2.5 - Authenticated (Admin+) Server-Side Request Forgery
5.5
CVE-2023-6294
Jan 17, 2024
Researcher: Sebastian Neef
Popup Builder <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting
6.1
CVE-2023-6000
Dec 11, 2023
Researcher: Marc-Alexandre Montpas
Popup Builder <= 4.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-3226
Aug 28, 2023
Researcher: Dipak Panchal (th3.d1p4k)
Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.1.11 - Cross-Site Request Forgery to Settings Update
8.8
CVE-2022-29495
Jun 30, 2022
Researcher: Rafie Muhammad
Popup Builder <= 4.1.10 - Authenticated (Admin+) Cross-Site Scripting
5.5
CVE-2022-1894
Jun 20, 2022
Researcher: Pritam Dash
Popup Builder <= 4.1.0 - Cross-Site Request Forgery
4.3
CVE-2022-32289
Jun 17, 2022
Researcher: Vladislav Pokrovsky (ΞX.MI)
Popup Builder <= 4.1.0 - SQL Injection
9.8
CVE-2022-0479
Mar 7, 2022
Researcher: Krzysztof Zając
Popup Builder <= 4.0.6 - Authenticated SQL Injection via order & orderby Parameters
7.2
CVE-2022-0228
Jan 24, 2022
Researcher: Tony Wu
Popup Builder <= 4.0.6 - Local File Inclusion and PHAR Deserialization
8.8
CVE-2021-25082
Jan 24, 2022
Researcher: ZhongFu Su
Popup Builder <= 3.73 - Reflected Cross-Site Scripting
6.1
CVE-2021-24152
Feb 2, 2021
Researcher: Nguyen Anh Tien
Popup Builder <= 3.72 Missing Authorization on AJAX actions
6.3
CVE ID Unknown
Jan 28, 2021
Researcher: Patchstack
Popup Builder <= 3.63 - Unauthenticated Stored Cross-Site Scripting
8.3
CVE-2020-10196
Mar 12, 2020
Researcher: Ram
Popup Builder <= 3.63 - Authenticated Settings Modification, Configuration Disclosure, and User Data Export
6.3
CVE-2020-10195
Mar 12, 2020
Researcher: Ram
Popup Builder 2.2.8 - 2.6.7.6 - PHP Object Injection
9.8
CVE-2020-9006
Feb 16, 2020
Researcher: Zeroauth
Popup Builder <= 3.44 - SQL Injection
9.8
CVE-2019-14695
Aug 6, 2019
Researcher: Tin Duong
Title CVE ID CVSS Researchers Date
Popup Builder <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-30184 6.4 LVT-tholv2k March 25, 2024
Popup Builder <= 4.2.5 - Authenticated (Admin+) Server-Side Request Forgery CVE-2023-6294 5.5 Sebastian Neef January 17, 2024
Popup Builder <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting CVE-2023-6000 6.1 Marc-Alexandre Montpas December 11, 2023
Popup Builder <= 4.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-3226 4.4 Dipak Panchal (th3.d1p4k) August 28, 2023
Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.1.11 - Cross-Site Request Forgery to Settings Update CVE-2022-29495 8.8 Rafie Muhammad June 30, 2022
Popup Builder <= 4.1.10 - Authenticated (Admin+) Cross-Site Scripting CVE-2022-1894 5.5 Pritam Dash June 20, 2022
Popup Builder <= 4.1.0 - Cross-Site Request Forgery CVE-2022-32289 4.3 Vladislav Pokrovsky (ΞX.MI) June 17, 2022
Popup Builder <= 4.1.0 - SQL Injection CVE-2022-0479 9.8 Krzysztof Zając March 7, 2022
Popup Builder <= 4.0.6 - Authenticated SQL Injection via order & orderby Parameters CVE-2022-0228 7.2 Tony Wu January 24, 2022
Popup Builder <= 4.0.6 - Local File Inclusion and PHAR Deserialization CVE-2021-25082 8.8 ZhongFu Su January 24, 2022
Popup Builder <= 3.73 - Reflected Cross-Site Scripting CVE-2021-24152 6.1 Nguyen Anh Tien February 2, 2021
Popup Builder <= 3.72 Missing Authorization on AJAX actions 6.3 Patchstack January 28, 2021
Popup Builder <= 3.63 - Unauthenticated Stored Cross-Site Scripting CVE-2020-10196 8.3 Ram March 12, 2020
Popup Builder <= 3.63 - Authenticated Settings Modification, Configuration Disclosure, and User Data Export CVE-2020-10195 6.3 Ram March 12, 2020
Popup Builder 2.2.8 - 2.6.7.6 - PHP Object Injection CVE-2020-9006 9.8 Zeroauth February 16, 2020
Popup Builder <= 3.44 - SQL Injection CVE-2019-14695 9.8 Tin Duong August 6, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation