cleantalk
Vulnerabilities and Security Researches

Popup Builder – Create highly converting, mobile friendly marketing popups., CVE-2023-6000

CVE, Research URL

CVE-2023-6000

Home page URL

Security reports for Popup Builder – Create highly converting, mobile friendly marketing popups.

Application

Popup Builder – Create highly converting, mobile friendly marketing popups.

Published on
Jan 01, 2024
Research Description
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.
Affected versions
max 4.2.3.
Status
vulnerable
Previous vulnerability researches
Pretty Simple Popup Builder (CVE-2024-56298) , Jan 07, 2025
Pretty Simple Popup Builder (151dd12759a625ce194d0174ccb42453eeaa1d0a) , Jun 07, 2024
Pretty Simple Popup Builder (CVE-2024-39626) , Jul 27, 2024
Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer (CVE-2024-3602) , Jun 21, 2024
WP Popup Builder – Popup Forms and Marketing Lead Generation (CVE-2024-9061) , Oct 17, 2024
New vulnerability
ElementsKit Elementor addons (CVE-2026-23693) , Feb 27, 2026
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2025-14795) , Feb 27, 2026
Slider Responsive Slideshow – Image slider, Gallery slideshow (CVE-2026-22346) , Feb 27, 2026
Endless Posts Navigation (CVE-2026-25332) , Feb 27, 2026
Eleblog – Elementor Blog And Magazine Addons (CVE-2025-69374) , Feb 27, 2026