This page lists publicly disclosed CVE vulnerabilities affecting themehunk wp_popup_builder (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-62902 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.8. | [email protected] | 5.3 | 0.04% | 2025-10-27 | 2026-04-27 |
| CVE-2024-9061 | The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. NOTE: This vulnerability was partially fixed i | [email protected] | 7.3 | 89.00% | 2024-10-16 | 2024-10-30 |
| CVE-2022-2405 | The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup | [email protected] | 4.3 | 0.06% | 2022-09-26 | 2025-05-21 |
| CVE-2022-2404 | The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | [email protected] | 6.1 | 0.22% | 2022-09-26 | 2025-05-21 |