Sygnoos Popup_builder

18 CVEs affecting Sygnoos Popup_builder. Latest disclosed: 2024-12-12. Critical: 3, High: 5.

Top CVEs affecting Sygnoos Popup_builder
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-0479 | Critical | 9.8 | 2022-03-28 | The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the… |
| CVE-2020-9006 | Critical | 9.8 | 2020-02-17 | The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deser… |
| CVE-2019-14695 | Critical | 9.8 | 2019-08-06 | A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a… |
| CVE-2021-25082 | High | 8.8 | 2022-02-21 | The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Loc… |
| CVE-2023-6696 | High | 8.1 | 2024-06-15 | The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due… |
| CVE-2024-2544 | High | 7.4 | 2024-06-15 | The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX action… |
| CVE-2023-6294 | High | 7.2 | 2024-02-12 | The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator rol… |
| CVE-2022-0228 | High | 7.2 | 2022-02-21 | The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in… |
| CVE-2020-10195 | Medium | 6.3 | 2020-03-13 | The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admi… |
| CVE-2023-6000 | Medium | 6.1 | 2024-01-01 | The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which cou… |
| CVE-2021-24152 | Medium | 6.1 | 2021-04-05 | The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. |
| CVE-2020-10196 | Medium | 6.1 | 2020-03-13 | An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an… |
| CVE-2022-29495 | Medium | 5.4 | 2022-07-22 | Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings. |
| CVE-2022-32289 | Medium | 5.4 | 2022-07-21 | Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change. |
| CVE-2024-2541 | Medium | 5.3 | 2024-08-29 | The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the Subscribers Import f… |
| CVE-2024-9428 | Medium | 4.8 | 2024-12-12 | The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to per… |
| CVE-2023-3226 | Medium | 4.8 | 2023-09-25 | The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perf… |
| CVE-2022-1894 | Medium | 4.8 | 2022-07-11 | The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Sit… |