VYPR
Vendor

Popup Maker

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2025-9490MedSep 26, 2025
    risk 0.42cvss 6.4epss 0.00

    The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.20.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2024-34770MedJun 3, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup Maker Popup Maker WP popup-maker-wp allows Stored XSS.This issue affects Popup Maker WP: from n/a through <= 1.3.6.

  • CVE-2017-2284MedAug 2, 2017
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2025-4205MedJun 3, 2025
    risk 0.35cvss 6.4epss 0.00

    The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popupID' parameter in all versions up to, and including, 1.20.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2022-45819LowDec 13, 2024
    risk 0.16cvss 3.5epss 0.00

    Missing Authorization vulnerability in Popup Maker Popup Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Maker: from n/a through 1.17.1.

  • CVE-2024-10583Dec 12, 2024
    risk 0.00cvss epss 0.00

    The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in all versions up to, and including, 1.20.2 due to insufficient input…

  • CVE-2024-7054Aug 20, 2024
    risk 0.00cvss epss 0.00

    The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘close_text’ parameter in all versions up to, and including, 1.19.0 due to insufficient input…