CVE-2024-9428
- EPSS 0.12%
- Published 12.12.2024 06:15:24
- Last modified 07.05.2025 13:29:51
The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall...
CVE-2024-2541
- EPSS 1.17%
- Published 29.08.2024 13:15:06
- Last modified 09.09.2024 18:40:23
The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data afte...
CVE-2024-2544
- EPSS 0.12%
- Published 15.06.2024 02:15:50
- Last modified 21.11.2024 09:09:58
The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and abo...
CVE-2023-6696
- EPSS 0.42%
- Published 15.06.2024 02:15:50
- Last modified 21.11.2024 08:44:22
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4....
CVE-2023-6294
- EPSS 0.33%
- Published 12.02.2024 16:15:08
- Last modified 24.04.2025 16:15:25
The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attacks in Multisite WordPress configurations.
CVE-2023-6000
- EPSS 63.96%
- Published 01.01.2024 15:15:43
- Last modified 18.06.2025 15:15:24
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.
CVE-2023-3226
- EPSS 0.17%
- Published 25.09.2023 16:15:14
- Last modified 21.11.2024 08:16:44
The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo...
CVE-2022-29495
- EPSS 1.76%
- Published 22.07.2022 17:15:08
- Last modified 21.11.2024 06:59:11
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings.
CVE-2022-32289
- EPSS 0.1%
- Published 21.07.2022 16:15:09
- Last modified 21.11.2024 07:06:06
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change.
CVE-2022-1894
- EPSS 0.28%
- Published 11.07.2022 13:15:08
- Last modified 21.11.2024 06:41:41
The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.