Popup Builder – Create highly converting, mobile friendly marketing popups.

Information

Software Type Plugin
Software Slug popup-builder (view on wordpress.org)
Software Status Active
Software Author popupbuilder
Software Website popup-builder.com
Software Downloads 10,721,822
Software Active Installs 200,000
Software Record Last Updated December 11, 2024

20 Vulnerabilities

6.3
CVE ID Unknown
Jan 28, 2021
Researcher: Patchstack
Title Status CVE ID CVSS Researchers Date
Popup Builder <= 4.1.0 - SQL Injection Patched CVE-2022-0479 9.8 Krzysztof Zając March 7, 2022
Popup Builder 2.2.8 - 2.6.7.6 - PHP Object Injection Patched CVE-2020-9006 9.8 Zeroauth February 16, 2020
Popup Builder <= 3.44 - SQL Injection Patched CVE-2019-14695 9.8 Tin Duong August 6, 2019
Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.1.11 - Cross-Site Request Forgery to Settings Update Patched CVE-2022-29495 8.8 Rafie Muhammad June 30, 2022
Popup Builder <= 4.0.6 - Local File Inclusion and PHAR Deserialization Patched CVE-2021-25082 8.8 ZhongFu Su January 24, 2022
Popup Builder <= 3.63 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2020-10196 8.3 Ram March 12, 2020
Popup Builder – Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce Exposure Patched CVE-2023-6696 8.1 Lucio Sá June 14, 2024
Popup Builder <= 4.3.0 - Missing Authorization in Multiple AJAX Actions Patched CVE-2024-2544 7.4 Alex Thomas June 14, 2024
Popup Builder <= 4.0.6 - Authenticated SQL Injection via order & orderby Parameters Patched CVE-2022-0228 7.2 Tony Wu January 24, 2022
Popup Builder <= 4.2.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS Patched CVE-2024-2506 6.4 Tim Coen May 31, 2024
Popup Builder <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Patched CVE-2024-30184 6.4 LVT-tholv2k March 25, 2024
Popup Builder <= 3.72 Missing Authorization on AJAX actions Patched 6.3 Patchstack January 28, 2021
Popup Builder <= 3.63 - Authenticated Settings Modification, Configuration Disclosure, and User Data Export Patched CVE-2020-10195 6.3 Ram March 12, 2020
Popup Builder <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2023-6000 6.1 Marc-Alexandre Montpas December 11, 2023
Popup Builder <= 3.73 - Reflected Cross-Site Scripting Patched CVE-2021-24152 6.1 Nguyen Anh Tien February 2, 2021
Popup Builder <= 4.2.5 - Authenticated (Admin+) Server-Side Request Forgery Patched CVE-2023-6294 5.5 Sebastian Neef January 17, 2024
Popup Builder <= 4.1.10 - Authenticated (Admin+) Cross-Site Scripting Patched CVE-2022-1894 5.5 Pritam Dash June 20, 2022
Popup Builder <= 4.3.4 - Sensitive Information Exposure via Imported Subscribers CSV File Unpatched CVE-2024-2541 5.3 Tim Coen August 28, 2024
Popup Builder <= 4.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2023-3226 4.4 Dipak Panchal (th3.d1p4k) August 28, 2023
Popup Builder <= 4.1.0 - Cross-Site Request Forgery Patched CVE-2022-32289 4.3 RE-ALTER June 17, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation