Every CVE whose affected-product data names Sygnoos Popup Builder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2022-0479 — CVSS 9.8 (critical): The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a…
CVE-2020-9006 — CVSS 9.8 (critical): The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in…
CVE-2019-14695 — CVSS 9.8 (critical): A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this…
CVE-2021-25082 — CVSS 8.8 (high): The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require…
CVE-2023-6696 — CVSS 8.1 (high): The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access…
CVE-2024-2544 — CVSS 7.4 (high): The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability…
CVE-2022-0228 — CVSS 7.2 (high): The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in…
CVE-2023-6294 — CVSS 7.2 (high): The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with…
CVE-2020-10195 — CVSS 6.3 (medium): The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege…
CVE-2023-6000 — CVSS 6.1 (medium): The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw…
CVE-2021-24152 — CVSS 6.1 (medium): The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting.
CVE-2020-10196 — CVSS 6.1 (medium): An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into…
CVE-2022-29495 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin…
CVE-2022-32289 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change.
CVE-2024-2541 — CVSS 5.3 (medium): The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the…
CVE-2023-3226 — CVSS 4.8 (medium): The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2022-1894 — CVSS 4.8 (medium): The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to…
CVE-2024-9428 — CVSS 4.8 (medium): The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users…