cleantalk
Vulnerabilities and Security Researches

Hello Bar, CVE-2026-39666

CVE, Research URL

CVE-2026-39666

Home page URL

Security reports for Hello Bar

Application

Hello Bar

Published on
Apr 08, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popup Builder: from n/a through <= 1.5.1.
Affected versions
max 1.5.1.
Status
vulnerable
Previous vulnerability researches
Hello Bar (CVE-2026-39666) , Apr 14, 2026
New vulnerability
Conditional Menus (CVE-2026-1032) , Apr 14, 2026
POST SMTP &#8211; The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2026-2559) , Apr 14, 2026
POST SMTP &#8211; The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2026-3090) , Apr 14, 2026
App Builder &#8211; Create Native Android &amp; iOS Apps On The Flight (CVE-2026-2375) , Apr 14, 2026
Doofinder WP &amp; WooCommerce Search (CVE-2026-39542) , Apr 14, 2026