VYPR
Vendor

Promolayer

Products
2
CVEs
5
Across products
6
Status
Private

Products

2

Recent CVEs

5
  • CVE-2024-2544HigJun 15, 2024
    risk 0.48cvss 7.4epss 0.00

    The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple…

  • CVE-2023-6696HigJun 15, 2024
    risk 0.46cvss 8.1epss 0.00

    The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions…

  • CVE-2024-34567MedMay 17, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through 1.1.29.

  • CVE-2024-3602MedJun 20, 2024
    risk 0.21cvss 4.3epss 0.00

    The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and…

  • CVE-2024-3236Jun 17, 2024
    risk 0.00cvss epss 0.00

    The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks.

VYPR — Vulnerability Intelligence