cleantalk
Vulnerabilities and Security Researches

Popup Builder, CVE-2024-3236

CVE, Research URL

CVE-2024-3236

Home page URL

Security reports for Popup Builder

Application

Popup Builder

Published on
Jun 17, 2024
Research Description
The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 1.1.33.
Status
vulnerable
Previous vulnerability researches
Popup Builder (CVE-2024-34567) , Jun 06, 2024
Popup Builder (CVE-2025-26882) , Feb 26, 2025
Popup Builder (CVE-2024-3236) , Jun 19, 2024
Popup Builder (CVE-2025-46230) , Apr 26, 2025
New vulnerability
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-8015) , Jul 22, 2025
Appointment & Event Booking Calendar Plugin – Webba Booking (CVE-2025-54040) , Jul 22, 2025
Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7696) , Jul 21, 2025
Temporarily Hidden Content (CVE-2025-7658) , Jul 21, 2025
Testimonial Post type (CVE-2025-5800) , Jul 21, 2025