cleantalk
Vulnerabilities and Security Researches

Popup Builder – Create highly converting, mobile friendly marketing popups., CVE-2019-25744

CVE, Research URL

CVE-2019-25744

Home page URL

Security reports for Popup Builder – Create highly converting, mobile friendly marketing popups.

Application

Popup Builder – Create highly converting, mobile friendly marketing popups.

Published on
Jun 04, 2026
Research Description
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads in the post_title field that execute when pages or posts display popup selections.
Affected versions
max 3.49.
Status
vulnerable
Previous vulnerability researches
Support Ticket System (CVE-2015-7670) , Jun 10, 2024
YDS Support Ticket System (CVE-2024-55985) , Dec 21, 2024
YDS Support Ticket System (CVE-2022-36388) , Jun 10, 2024
Live Support Tickets, Contact Forms, CRM (CVE-2024-49235) , Oct 18, 2024
Support Ticket (CVE-2025-49422) , Aug 24, 2025
New vulnerability
Photo Gallery by 10Web – Mobile-Friendly Image Gallery (CVE-2026-49771) , Jun 06, 2026
Popup Builder – Create highly converting, mobile friendly marketing popups. (CVE-2019-25744) , Jun 06, 2026
WP Google Review Slider (CVE-2019-25745) , Jun 06, 2026
LMS by Masteriyo – WordPress Learning Management System, eLearning Platform, Online Education System & Online Course (CVE-2026-42743) , Jun 05, 2026
Printeers Print & Ship (CVE-2025-52766) , Jun 05, 2026