Wp Popup Builder – Popup Forms And Marketing Lead Generation
Approved changes feed: RSS · Atom
cpe:2.3:a:themehunk:wp_popup_builder_–_popup_forms_and_marketing_lead_generation:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Themehunk (b3cb38a5-b275-5673-a051-0d6ce3409958) |
|---|---|
| Product | Wp Popup Builder – Popup Forms And Marketing Lead Generation (e22a9884-21c7-5e1c-b50d-a30f2f125ac1) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-9061 |
vulnerable | 2026-06-03 14:58:20.398739 |
WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add
HIGH (7.3)
The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. NOTE: This vulnerability was partially fixed in version 1.3.5 with a nonce check, which effectively prevented access to the affected function. However, version 1.3.6 incorporates the correct authorization check to prevent unauthorized access.
Published: 2024-10-16T07:31:49.028Z
Updated: 2026-04-08T16:35:08.118Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.