cleantalk
Vulnerabilities and Security Researches

Hello Bar, CVE-2026-39666

CVE, Research URL

CVE-2026-39666

Home page URL

Security reports for Hello Bar

Application

Hello Bar

Published on
Apr 08, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popup Builder: from n/a through <= 1.5.1.
Affected versions
max 1.5.1.
Status
vulnerable
Previous vulnerability researches
Simple GDPR Cookie Compliance (CVE-2026-24604) , Jan 27, 2026
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2019-25143) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (7d5b4ba83a5c6004460bf267fe534a359e1416b0) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2023-4013) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-1621) , Mar 14, 2025
New vulnerability
Advanced Contact form 7 DB (CVE-2026-0811) , Apr 14, 2026
Advanced Contact form 7 DB (CVE-2026-0814) , Apr 14, 2026
Import any XML or CSV File to WordPress (CVE-2026-2830) , Apr 14, 2026
Visual Link Preview (CVE-2026-39670) , Apr 14, 2026
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets &amp; Elementor T (CVE-2025-6229) , Apr 14, 2026