← Back

Wp Popup Builder

wp_popup_builder

Vendor: Themehunk • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-62902
1Themehunk
1Wp Popup Builder
Apr 27, 2026
Oct 27, 2025
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/...Show more
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.8.Show less
CVE-2024-9061
1Themehunk
1Wp Popup Builder
Oct 30, 2024
Oct 16, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and inc...Show more
The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. NOTE: This vulnerability was partially fixed in version 1.3.5 with a nonce check, which effectively prevented access to the affected function. However, version 1.3.6 incorporates the correct authorization check to prevent unauthorized access.Show less
CVE-2022-2405
1Themehunk
1Wp Popup Builder
May 21, 2025
Sep 26, 2022
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup
CVE-2022-2404
1Themehunk
1Wp Popup Builder
May 21, 2025
Sep 26, 2022
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting