cleantalk
Vulnerabilities and Security Researches

Popup Builder – Create highly converting, mobile friendly marketing popups., CVE-2025-13079

CVE, Research URL

CVE-2025-13079

Home page URL

Security reports for Popup Builder – Create highly converting, mobile friendly marketing popups.

Application

Popup Builder – Create highly converting, mobile friendly marketing popups.

Published on
Feb 19, 2026
Research Description
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to the plugin generating predictable unsubscribe tokens using deterministic data. This makes it possible for unauthenticated attackers to unsubscribe arbitrary subscribers from mailing lists via brute-forcing the unsubscribe token, granted they know the victim's email address
Affected versions
max 4.4.3.
Status
vulnerable
Previous vulnerability researches
BoomDevs WordPress Coming Soon Plugin (CVE-2025-62083) , Jan 10, 2026
New vulnerability
Order Splitter for WooCommerce (CVE-2025-12075) , Feb 27, 2026
Easy Taxonomy Images (CVE-2025-53231) , Feb 27, 2026
iSape (CVE-2025-68847) , Feb 27, 2026
WP 404 Auto Redirect to Similar Post (CVE-2025-12037) , Feb 27, 2026
KiviCare – Clinic & Patient Management System (EHR) (CVE-2026-25022) , Feb 27, 2026