Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sygnoos popup-builder vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-25082
The Popup Builder WordPress plugin prior to 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vu...
Sygnoos Popup Builder
7.5
CVSSv2
CVE-2020-9006
The Popup Builder plugin 2.2.8 up to and including 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbit...
Sygnoos Popup Builder
2 Github repositories
NA
CVE-2022-29495
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an malicious user to update plugin settings.
Sygnoos Popup Builder
3.5
CVSSv2
CVE-2022-1894
The Popup Builder WordPress plugin prior to 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltred_html is disallowed
Sygnoos Popup Builder
NA
CVE-2022-32289
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change.
Sygnoos Popup Builder
7.5
CVSSv2
CVE-2022-0479
The Popup Builder WordPress plugin prior to 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site ...
Sygnoos Popup Builder
7.5
CVSSv2
CVE-2019-14695
A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin prior to 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote malicious user to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscrib...
Sygnoos Popup Builder
6.5
CVSSv2
CVE-2022-0228
The Popup Builder WordPress plugin prior to 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection
Sygnoos Popup Builder
4.3
CVSSv2
CVE-2020-10196
An XSS vulnerability in the popup-builder plugin prior to 3.64.1 for WordPress allows remote malicious users to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated malicious user to insert ma...
Sygnoos Popup-builder
4.3
CVSSv2
CVE-2021-24152
The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting.
Sygnoos Popup Builder
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »