VYPR

Popup Builder

by WordPress

CVEs (31)

  • CVE-2022-29495 | Med | Jul 22, 2022
    risk 0.35 | cvss 5.4 | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings.

  • CVE-2022-32289 | Med | Jul 21, 2022
    risk 0.35 | cvss 5.4 | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change.

  • CVE-2026-3475 | Med | Mar 19, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode Execution in all versions up to and including 1.1.7. This is due to the handle_email_verification_page() function constructing a shortcode string from user-supplied GET parameters…

  • CVE-2025-13079 | Med | Feb 19, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to the plugin generating predictable unsubscribe tokens using deterministic data.…

  • CVE-2023-32517 | Med | Dec 29, 2023
    risk 0.31 | cvss 4.7 | epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder. This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3.

  • CVE-2023-3226 | Med | Sep 25, 2023
    risk 0.31 | cvss 4.8 | epss 0.00

    The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…

  • CVE-2022-1894 | Med | Jul 11, 2022
    risk 0.31 | cvss 4.8 | epss 0.00

    The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed.

  • CVE-2022-2405 | Med | Sep 26, 2022
    risk 0.28 | cvss 4.3 | epss 0.00

    The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to delete arbitrary popups.

  • CVE-2024-9428 | Dec 12, 2024
    risk 0.00 | cvss | epss 0.00

    The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2024-3236 | Jun 17, 2024
    risk 0.00 | cvss | epss 0.00

    The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks.

  • CVE-2023-6294 | Feb 12, 2024
    risk 0.00 | cvss | epss 0.01

    The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attacks in Multisite WordPress configurations.

Page 2 of 2