Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-10-30
CVE-2024-9061 - Wp Popup Builder Plugin
The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. NOTE: This vulnerability was partially fixed in version 1.3.5 with a nonce check, which effectively prevented access to the affected function. However, version…
PLUGIN
Wp Popup Builder
CVE-2024-9061
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2022-2404 - Wp Popup Builder Plugin
The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
PLUGIN
Wp Popup Builder
CVE-2022-2404
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2022-2405 - Wp Popup Builder Plugin
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup
PLUGIN
Wp Popup Builder
CVE-2022-2405
Risk Score