cleantalk
Vulnerabilities and Security Researches

Popup Maker – Popup for opt-ins, lead gen, & more, 474920b53a3f66864948949f8baa9e89ab06023b

CVE, Research URL

474920b53a3f66864948949f8baa9e89ab06023b

Home page URL

Security reports for Popup Maker – Popup for opt-ins, lead gen, & more

Application

Popup Maker – Popup for opt-ins, lead gen, & more

Published on
Mar 08, 2023
Research Description
Popup Maker &#8211; Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder [popup-maker] < 1.18.1 Popup Maker <= 1.18.0 - Cross-Site Request Forgery via init The Popup Maker plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.18.0. This is due to missing or incorrect nonce validation on the 'init' function. This makes it possible for unauthenticated attackers to flush the popup cache via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.18.1.
Status
vulnerable
Previous vulnerability researches
WordPress Connect (feaf7c04-4991-4c34-bfbf-d849a9e38599) , Jun 16, 2026
WordPress Connect (5b2d1beeae1454c4c4f60eac4f084fd504540b28) , Jun 16, 2026
WordPress Connect (b326cdbf2040aa8eeb688f951965600d9b290062) , Jun 06, 2024
New vulnerability
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (c9038d9e6e459de1ff8abd00bd5a0f71e49ef5d8) , Jun 16, 2026
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (9f80d9ea-e4ce-4957-9b22-3464446ab003) , Jun 16, 2026
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (95230c961ea7801737904d6245f3fe862829cb0d) , Jun 16, 2026
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (66d2a48446049f0a84abb0461d3eee433fdde3d1) , Jun 16, 2026
Featured Post with thumbnail (1c4bc9a7-b70a-4e00-bca3-ef46763559a3) , Jun 16, 2026