Vulnerabilities > Sygnoos > Popup Builder

DATE CVE VULNERABILITY TITLE RISK
2021-04-05 CVE-2021-24152 Cross-site Scripting vulnerability in Sygnoos Popup Builder
The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting.
network
sygnoos CWE-79
4.3
4.3
2020-03-13 CVE-2020-10196 Cross-site Scripting vulnerability in Sygnoos Popup-Builder
An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php.
network
sygnoos CWE-79
4.3
4.3
2020-03-13 CVE-2020-10195 Information Exposure vulnerability in Sygnoos Popup-Builder
The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php.
network
low complexity
sygnoos CWE-200
6.5
6.5
2020-02-17 CVE-2020-9006 SQL Injection vulnerability in Sygnoos Popup Builder
The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable.
network
low complexity
sygnoos CWE-89
7.5
7.5
2019-08-06 CVE-2019-14695 SQL Injection vulnerability in Sygnoos Popup Builder
A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress.
network
low complexity
sygnoos CWE-89
critical
 9.8
9.8