| CVE-2025-4205 | Popup Maker <= 1.20.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via popupID Parameter | danieliser | Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | Medium | 6.4 | 2025-06-03 11:22:26 | Deep Dive |
| CVE-2025-3779 | Personizely <= 0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via widgetId Parameter | personizely | Personizely — A/B Testing, Personalization, Popups & CRO | Medium | 6.4 | 2025-05-03 01:43:08 | Deep Dive |
| CVE-2025-25118 | WordPress WPOptin plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability | Danish Ali Malik | Top Bar – PopUps – by WPOptin | High | 7.1 | 2025-03-03 13:30:24 | Deep Dive |
| CVE-2025-26774 | WordPress Responsive Modal Builder for High Conversion – Easy Popups plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability | Rock Solid | Responsive Modal Builder for High Conversion – Easy Popups | High | 7.1 | 2025-02-22 15:52:48 | Deep Dive |
| CVE-2024-12204 | Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization | premio | Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce | Medium | 5.4 | 2025-01-11 02:20:55 | Deep Dive |
| CVE-2024-12627 | Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection | premio | Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce | High | 7.5 | 2025-01-11 02:20:54 | Deep Dive |
| CVE-2024-10583 | Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder <= 1.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | danieliser | Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | Medium | 5.4 | 2024-12-12 06:46:34 | Deep Dive |
| CVE-2024-10580 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unauthorized Form Submission | wpmudev | Hustle – Email Marketing, Lead Generation, Optins, Popups | Medium | 5.3 | 2024-11-27 06:41:28 | Deep Dive |
| CVE-2024-10579 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unpublished Form Exposure | wpmudev | Hustle – Email Marketing, Lead Generation, Optins, Popups | Medium | 4.3 | 2024-11-26 11:04:32 | Deep Dive |
| CVE-2024-10861 | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 - Missing Authorization to Unauthenticated Limited Options Update | ays-pro | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | Medium | 5.3 | 2024-11-16 02:02:32 | Deep Dive |
| CVE-2024-47645 | WordPress WPOptin plugin <= 2.0.1 - Local File Inclusion vulnerability | Danish Ali Malik | Top Bar – PopUps – by WPOptin | High | 7.5 | 2024-10-16 13:35:10 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-2541 | Popup Builder <= 4.3.6 - Sensitive Information Exposure via Imported Subscribers CSV File | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | Medium | 5.3 | 2024-08-29 12:31:09 | Deep Dive |
| CVE-2024-7054 | Popup Maker <= 1.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | danieliser | Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | Medium | 6.4 | 2024-08-20 10:58:30 | Deep Dive |
| CVE-2024-37950 | WordPress Master Popups plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability | CodexHelp | Master Popups | Medium | 5.9 | 2024-07-20 08:25:19 | Deep Dive |
| CVE-2024-6555 | WP Popups – WordPress Popup builder <= 2.2.0.1 - Unauthenticated Full Path Disclosure | timersys | WP Popups – WordPress Popup builder | Medium | 5.3 | 2024-07-12 05:32:38 | Deep Dive |
| CVE-2024-3602 | Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer <= 1.1.0 - Missing Authorization | promolayerpopupbuilder | Promolayer – Popup Builder & Abandonment Preventer | Medium | 4.3 | 2024-06-20 02:08:19 | Deep Dive |
| CVE-2023-6696 | Popup Builder – Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce Exposure | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | High | 8.1 | 2024-06-15 02:02:01 | Deep Dive |
| CVE-2024-2544 | Popup Builder <= 4.3.0 - Missing Authorization in Multiple AJAX Actions | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | High | 7.4 | 2024-06-15 02:01:58 | Deep Dive |
| CVE-2024-2506 | Popup Builder <= 4.2.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | Medium | 6.4 | 2024-06-01 06:51:49 | Deep Dive |