Unknown Popup Builder vulnerabilities

5 known vulnerabilities affecting unknown/popup_builder.

Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 4

Vulnerabilities

CVE-2024-9428 | MEDIUM | CVSS 4.8 | fixed in 4.3.5 | 2024-12-12
CVE-2024-9428 [MEDIUM] CWE-79: The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Sources: cvelistv5, nvd

CVE-2024-3236 | MEDIUM | CVSS 5.4 | fixed in 1.1.33 | 2024-06-17
CVE-2024-3236 [MEDIUM] CWE-79: The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks.
Sources: cvelistv5, nvd

CVE-2023-6294 | HIGH | CVSS 7.2 | fixed in 4.2.6 | 2024-02-12
CVE-2023-6294 [HIGH] CWE-22: The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations.
Sources: cvelistv5, nvd

CVE-2023-6000 | MEDIUM | CVSS 6.1 | PoC | fixed in 4.2.3 | 2024-01-01
CVE-2023-6000 [MEDIUM] CWE-79: The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.
Sources: cvelistv5, nvd

CVE-2023-3226 | MEDIUM | CVSS 4.8 | fixed in 4.2.0 | 2023-09-25
CVE-2023-3226 [MEDIUM] CWE-79: The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Sources: cvelistv5, nvd