Sygnoos Popup_builder
18 CVEs affecting Sygnoos Popup_builder. Latest disclosed: 2024-12-12. Critical: 3, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-0479 | Critical | 9.8 | 2022-03-28 | The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the… |
| CVE-2020-9006 | Critical | 9.8 | 2020-02-17 | The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deser… |
| CVE-2019-14695 | Critical | 9.8 | 2019-08-06 | A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a… |
| CVE-2021-25082 | High | 8.8 | 2022-02-21 | The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Loc… |
| CVE-2023-6696 | High | 8.1 | 2024-06-15 | The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due… |
| CVE-2024-2544 | High | 7.4 | 2024-06-15 | The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX action… |
| CVE-2023-6294 | High | 7.2 | 2024-02-12 | The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator rol… |
| CVE-2022-0228 | High | 7.2 | 2022-02-21 | The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in… |
| CVE-2020-10195 | Medium | 6.3 | 2020-03-13 | The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admi… |
| CVE-2023-6000 | Medium | 6.1 | 2024-01-01 | The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which cou… |
| CVE-2021-24152 | Medium | 6.1 | 2021-04-05 | The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. |
| CVE-2020-10196 | Medium | 6.1 | 2020-03-13 | An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an… |
| CVE-2022-29495 | Medium | 5.4 | 2022-07-22 | Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings. |
| CVE-2022-32289 | Medium | 5.4 | 2022-07-21 | Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change. |
| CVE-2024-2541 | Medium | 5.3 | 2024-08-29 | The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the Subscribers Import f… |
| CVE-2024-9428 | Medium | 4.8 | 2024-12-12 | The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to per… |
| CVE-2023-3226 | Medium | 4.8 | 2023-09-25 | The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perf… |
| CVE-2022-1894 | Medium | 4.8 | 2022-07-11 | The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Sit… |