Vulnerabilities > Sygnoos
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-21 | CVE-2021-25082 | Path Traversal vulnerability in Sygnoos Popup Builder The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. | 8.8 |
| 2022-02-21 | CVE-2022-0228 | SQL Injection vulnerability in Sygnoos Popup Builder The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection | 7.2 |
| 2021-04-05 | CVE-2021-24152 | Cross-site Scripting vulnerability in Sygnoos Popup Builder The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. | 6.1 |
| 2020-03-13 | CVE-2020-10196 | Cross-site Scripting vulnerability in Sygnoos Popup-Builder An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. | 6.1 |
| 2020-03-13 | CVE-2020-10195 | Information Exposure vulnerability in Sygnoos Popup-Builder The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. | 6.3 |
| 2020-02-17 | CVE-2020-9006 | Deserialization of Untrusted Data vulnerability in Sygnoos Popup Builder The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. | 9.8 |
| 2019-08-06 | CVE-2019-14695 | SQL Injection vulnerability in Sygnoos Popup Builder A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. | 9.8 |