Vulnerabilities > Sygnoos > Popup Builder > 3.69.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-21 | CVE-2021-25082 | Unspecified vulnerability in Sygnoos Popup Builder The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. | 8.8 |
| 2022-02-21 | CVE-2022-0228 | Unspecified vulnerability in Sygnoos Popup Builder The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection | 7.2 |
| 2021-04-05 | CVE-2021-24152 | Cross-site Scripting vulnerability in Sygnoos Popup Builder The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. | 6.1 |