Themehunk Wp Popup Builder vulnerabilities
4 known vulnerabilities affecting themehunk/wp_popup_builder.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2024-9061P1CRITICALCVSS 9.8PoCfixed in 1.3.62024-10-16
CVE-2024-9061 [CRITICAL] CWE-94 CVE-2024-9061: The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnera
The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before runnin
nvd
CVE-2025-62902P4MEDIUMCVSS 5.3≤ 1.3.62025-10-27
CVE-2025-62902 [MEDIUM] CWE-497 CVE-2025-62902: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHun
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.8.
nvd
CVE-2022-2404P4MEDIUMCVSS 6.1fixed in 1.2.92022-09-26
CVE-2022-2404 [MEDIUM] CWE-79 CVE-2022-2404: The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before o
The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
nvd
CVE-2022-2405P4MEDIUMCVSS 4.3fixed in 1.2.92022-09-26
CVE-2022-2405 [MEDIUM] CWE-352 CVE-2022-2405: The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup
nvd