Popup Builder
popupbuilder
Developer
4.4.3
Latest version
200,000
Installations
No date
Last updated
Vulnerability history
0 present
23 patched
7 Mitigation rules
- Improper Authorization to Unauthenticated Subscriber Removal via Predictable Tokens vulnerability<= 4.4.218/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 4.4.113/12/2025
- Admin+ Stored XSS vulnerability< 4.3.512/12/2024
- Sensitive Information Exposure via Imported Subscribers CSV File vulnerability<= 4.3.629/08/2024
- Missing Authorization and Nonce Exposure vulnerability<= 4.3.114/06/2024
- Missing Authorization in Multiple AJAX Actions vulnerability<= 4.3.014/06/2024
- Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability<= 4.2.703/06/2024
- Cross Site Scripting (XSS) vulnerability<= 4.2.625/03/2024
- Admin+ SSRF & File Read vulnerability< 4.2.613/02/2024
- Unauthenticated Stored XSS vulnerability< 4.2.312/12/2023
- Admin+ Stored Cross-Site Scripting vulnerability< 4.2.226/09/2023
- Cross-Site Request Forgery (CSRF) leading to plugin settings update<= 4.1.1130/06/2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 4.1.1020/06/2022
- Cross-Site Request Forgery (CSRF) vulnerability leading to Popup Status Change<= 4.1.017/06/2022
- SQL Injection (SQLi) vulnerability to Reflected Cross-Site Scripting (XSS)<= 4.1.007/03/2022
- Local File Inclusion (LFI) leading to Remote Code Execution (RCE)<= 4.0.624/01/2022
- SQL Injection (SQLi) vulnerability<= 4.0.624/01/2022
- Authenticated Local File Inclusion (LFI) vulnerability<= 3.7128/01/2021
- Authenticated Deleting/Importing Subscribers vulnerability<= 3.7128/01/2021
- Authenticated Newsletter Send With Custom Content And Sender vulnerability<= 3.7128/01/2021
- Multiple Stored Cross-Site Scripting (XSS) vulnerabilities<= 3.69.614/12/2020
- SQL injection (SQLi) vulnerability<= 2.6.7.616/02/2020
- SQL Injection (SQLi) vulnerability<= 3.4406/08/2019