Popup Builder
popupbuilder
Developer
4.4.2
Latest version
200,000
Installations
Oct 25, 2025
Last updated
Vulnerability history
0 present
21 fixed
7 Mitigation rules
- Admin+ Stored XSS vulnerability< 4.3.5Dec 12, 2024
- Sensitive Information Exposure via Imported Subscribers CSV File vulnerability<= 4.3.6Aug 29, 2024
- Missing Authorization and Nonce Exposure vulnerability<= 4.3.1Jun 14, 2024
- Missing Authorization in Multiple AJAX Actions vulnerability<= 4.3.0Jun 14, 2024
- Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability<= 4.2.7Jun 3, 2024
- Cross Site Scripting (XSS) vulnerability<= 4.2.6Mar 25, 2024
- Admin+ SSRF & File Read vulnerability< 4.2.6Feb 13, 2024
- Unauthenticated Stored XSS vulnerability< 4.2.3Dec 12, 2023
- Admin+ Stored Cross-Site Scripting vulnerability< 4.2.2Sep 26, 2023
- Cross-Site Request Forgery (CSRF) leading to plugin settings update<= 4.1.11Jun 30, 2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 4.1.10Jun 20, 2022
- Cross-Site Request Forgery (CSRF) vulnerability leading to Popup Status Change<= 4.1.0Jun 17, 2022
- SQL Injection (SQLi) vulnerability to Reflected Cross-Site Scripting (XSS)<= 4.1.0Mar 7, 2022
- Local File Inclusion (LFI) leading to Remote Code Execution (RCE)<= 4.0.6Jan 24, 2022
- SQL Injection (SQLi) vulnerability<= 4.0.6Jan 24, 2022
- Authenticated Local File Inclusion (LFI) vulnerability<= 3.71Jan 28, 2021
- Authenticated Deleting/Importing Subscribers vulnerability<= 3.71Jan 28, 2021
- Authenticated Newsletter Send With Custom Content And Sender vulnerability<= 3.71Jan 28, 2021
- Multiple Stored Cross-Site Scripting (XSS) vulnerabilities<= 3.69.6Dec 14, 2020
- SQL injection (SQLi) vulnerability<= 2.6.7.6Feb 16, 2020
- SQL Injection (SQLi) vulnerability<= 3.44Aug 6, 2019