Product
sygnoos popup builder
20 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-9428
CVE-2024-2541
CVE-2024-3602
CVE-2024-3236
CVE-2024-2544
CVE-2023-6696
CVE-2023-6294
CVE-2023-6000
CVE-2023-3226
CVE-2022-29495
CVE-2022-32289
CVE-2022-1894
CVE-2022-0479
CVE-2022-0228
CVE-2021-25082
CVE-2021-24152
CVE-2020-10196
CVE-2020-10195
CVE-2020-9006
CVE-2019-14695
< 4.3.5
The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privile
<= 4.3.3
The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6
<= 1.1.0
The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers - Promolayer plugin for WordPress is vuln
< 1.1.33
The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow u
< 4.3.2
The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capabi
< 4.3.2
The Popup Builder - Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized
< 4.2.6
The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow use
< 4.2.3
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw
<= 4.1.15
The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privileg
< 4.1.12
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to updat
< 4.1.1
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status chan
< 4.1.11
The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege user
< 4.1.1
The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using
< 4.0.7
The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before usin
< 4.0.7
The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a requir
< 3.74
The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting.
< 3.64.1
An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScrip
< 3.64.1
The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope
>= 2.2.8 and <= 2.6.7.6
The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_
< 3.45
A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of thi