cleantalk
Vulnerabilities and Security Researches

Popup Builder – Create highly converting, mobile friendly marketing popups., CVE-2023-3226

CVE, Research URL

CVE-2023-3226

Home page URL

Security reports for Popup Builder – Create highly converting, mobile friendly marketing popups.

Application

Popup Builder – Create highly converting, mobile friendly marketing popups.

Published on
Sep 25, 2023
Research Description
The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
max 4.2.2.
Status
vulnerable
Previous vulnerability researches
Pretty Simple Popup Builder (CVE-2024-56298) , Jan 07, 2025
Pretty Simple Popup Builder (151dd12759a625ce194d0174ccb42453eeaa1d0a) , Jun 07, 2024
Pretty Simple Popup Builder (CVE-2024-39626) , Jul 27, 2024
Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer (CVE-2024-3602) , Jun 21, 2024
WP Popup Builder – Popup Forms and Marketing Lead Generation (CVE-2024-9061) , Oct 17, 2024
New vulnerability
ElementsKit Elementor addons (CVE-2026-23693) , Feb 27, 2026
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2025-14795) , Feb 27, 2026
Slider Responsive Slideshow – Image slider, Gallery slideshow (CVE-2026-22346) , Feb 27, 2026
Endless Posts Navigation (CVE-2026-25332) , Feb 27, 2026
Eleblog – Elementor Blog And Magazine Addons (CVE-2025-69374) , Feb 27, 2026