cleantalk
Vulnerabilities and Security Researches

Popup Builder – Create highly converting, mobile friendly marketing popups., CVE-2019-25744

CVE, Research URL

CVE-2019-25744

Home page URL

Security reports for Popup Builder – Create highly converting, mobile friendly marketing popups.

Application

Popup Builder – Create highly converting, mobile friendly marketing popups.

Published on
Jun 04, 2026
Research Description
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads in the post_title field that execute when pages or posts display popup selections.
Affected versions
max 3.49.
Status
vulnerable
Previous vulnerability researches
Support Ticket System (CVE-2015-7670) , Jun 10, 2024
New vulnerability
Slider by Soliloquy – Responsive Image Slider for WordPress (CVE-2019-25743) , Jun 06, 2026
Photo Gallery by 10Web – Mobile-Friendly Image Gallery (CVE-2026-49771) , Jun 06, 2026
Popup Builder – Create highly converting, mobile friendly marketing popups. (CVE-2019-25744) , Jun 06, 2026
WP Google Review Slider (CVE-2019-25745) , Jun 06, 2026
LMS by Masteriyo – WordPress Learning Management System, eLearning Platform, Online Education System & Online Course (CVE-2026-42743) , Jun 05, 2026