Popup builder

This hub aggregates every CVE we track for Popup builder, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Popup builder.

• CVE-2019-25744WordPress Popup Builder 3.49 Persistent Cross-Site Scripting5.4Jun 4, 2026
• CVE-2025-46230WordPress Popup Builder plugin <= 1.1.35 - Local File Inclusion Vulnerability7.5Apr 24, 2025
• CVE-2025-26882WordPress Popup Builder plugin <= 1.1.33 - Cross Site Scripting (XSS) vulnerability6.5Feb 25, 2025
• CVE-2024-9428Popup Builder < 4.3.5 - Admin+ Stored XSS4.8Dec 12, 2024
• CVE-2024-2541Popup Builder <= 4.3.6 - Sensitive Information Exposure via Imported Subscribers CSV File5.3Aug 29, 2024
• CVE-2024-3602Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer <= 1.1.0 - Missing Authorization4.3Jun 20, 2024
• CVE-2024-3236Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS5.4Jun 17, 2024
• CVE-2023-6696Popup Builder – Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce Exposure8.1Jun 15, 2024
• CVE-2024-2544Popup Builder <= 4.3.0 - Missing Authorization in Multiple AJAX Actions7.4Jun 15, 2024
• CVE-2024-34567WordPress Easy Notify Lite plugin <= 1.1.29 - Cross Site Scripting (XSS) vulnerability6.5May 17, 2024
• CVE-2024-30184WordPress Popup Builder plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability6.5Mar 27, 2024
• CVE-2023-6294popup-builder < 4.2.6 - Admin+ SSRF & File Read7.2Feb 12, 2024
• CVE-2023-6000Popup Builder < 4.2.3 - Unauthenticated Stored XSS6.1Jan 1, 2024
• CVE-2023-3226Popup Builder < 4.2.0 - Admin+ Stored Cross-Site Scripting4.8Sep 25, 2023
• CVE-2022-29495WordPress Popup Builder plugin <= 4.1.11 - Cross-Site Request Forgery (CSRF) leading to plugin settings update5.4Jul 22, 2022