Popup Maker – Popup for opt-ins, lead gen, & more

Information

Software Type	Plugin
Software Slug	popup-maker (view on wordpress.org)
Software Status	Active
Software Author	danieliser
Software Website	wppopupmaker.com
Software Downloads	12,917,000
Software Active Installs	700,000
Software Record Last Updated	May 20, 2023

10 vulnerabilities

Popup Maker <= 1.17.1 - Sensitive Data Exposure via debug log file

5.3

CVE-2022-47597

Mar 14, 2023

Researcher: rezaduty

Popup Maker <= 1.17.1 - Missing Authorization via save_popup_enabled_state

5.4

CVE ID Unknown

Mar 9, 2023

Researchers:

Popup Maker <= 1.18.0 - Cross-Site Request Forgery via init

4.3

CVE ID Unknown

Mar 8, 2023

Researchers:

Popup Maker <= 1.16.10 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-3690

Oct 31, 2022

Researcher: c3p0d4y

Popup Maker <= 1.16.8 - Authenticated (Contributor+) Cross-Site Scripting

6.4

CVE-2022-4381

Sep 26, 2022

Researcher: An Doan

Popup Maker <= 1.16.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4362

Sep 23, 2022

Researcher: Tin Pham

Popup Maker <= 1.16.4 - Authenticated (Admin+) Cross-Site Scripting

5.5

CVE-2022-1104

Apr 19, 2022

Researcher: Roel van Beurden

Popup-Maker <= 1.8.12 - Unauthenticated information disclosure

7.5

CVE-2019-17574

Oct 14, 2019

Researcher: Dimopoulos Elias

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

8.8

CVE ID Unknown

Feb 25, 2019

Researchers:

Popup Maker < 1.6.5 - Reflected Cross-Site Scripting

6.1

CVE-2017-2284

Jul 24, 2017

Researcher: Chris Liu

Title	CVE ID	CVSS	Researchers	Date
Popup Maker <= 1.17.1 - Sensitive Data Exposure via debug log file	CVE-2022-47597	5.3	rezaduty	March 14, 2023
Popup Maker <= 1.17.1 - Missing Authorization via save_popup_enabled_state		5.4		March 9, 2023
Popup Maker <= 1.18.0 - Cross-Site Request Forgery via init		4.3		March 8, 2023
Popup Maker <= 1.16.10 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-3690	5.5	c3p0d4y	October 31, 2022
Popup Maker <= 1.16.8 - Authenticated (Contributor+) Cross-Site Scripting	CVE-2022-4381	6.4	An Doan	September 26, 2022
Popup Maker <= 1.16.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4362	6.4	Tin Pham	September 23, 2022
Popup Maker <= 1.16.4 - Authenticated (Admin+) Cross-Site Scripting	CVE-2022-1104	5.5	Roel van Beurden	April 19, 2022
Popup-Maker <= 1.8.12 - Unauthenticated information disclosure	CVE-2019-17574	7.5	Dimopoulos Elias	October 14, 2019
Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update		8.8		February 25, 2019
Popup Maker < 1.6.5 - Reflected Cross-Site Scripting	CVE-2017-2284	6.1	Chris Liu	July 24, 2017

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation