cleantalk
Vulnerabilities and Security Researches

WP Popup Builder – Popup Forms and Marketing Lead Generation, CVE-2022-2405

CVE, Research URL

CVE-2022-2405

Home page URL

Security reports for WP Popup Builder – Popup Forms and Marketing Lead Generation

Application

WP Popup Builder – Popup Forms and Marketing Lead Generation

Published on
Sep 26, 2022
Research Description
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup
Affected versions
max 1.3.0.
Status
vulnerable
Previous vulnerability researches
WP Popup Builder – Popup Forms and Marketing Lead Generation (CVE-2024-9061) , Oct 17, 2024
WP Popup Builder – Popup Forms and Marketing Lead Generation (CVE-2025-62902) , Nov 11, 2025
WP Popup Builder – Popup Forms and Marketing Lead Generation (CVE-2022-2405) , Jun 07, 2024
WP Popup Builder – Popup Forms and Marketing Lead Generation (CVE-2022-2404) , Jun 07, 2024
New vulnerability
Pets (CVE-2025-52742) , Nov 11, 2025
WordPress Live Webcam Widget & Shortcode (CVE-2025-10129) , Nov 11, 2025
Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic (CVE-2025-59578) , Nov 11, 2025
Find And Replace content for WordPress (CVE-2025-10313) , Nov 11, 2025
Master Blocks – Ultimate Gutenberg Blocks for Marketers (CVE-2025-10896) , Nov 11, 2025