GCVE - cpe:2.3:a:ghozylab:popup_builder:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ghozylab:popup_builder:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ghozylab (`33c2dab5-504d-5881-b929-cf857c38db21`)
Product	Popup Builder (`bf66f7c9-a117-500c-8483-0e3d4c63c734`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-46230`	vulnerable	2026-06-08 07:25:11.345765	WordPress Popup Builder plugin <= 1.1.35 - Local File Inclusion Vulnerability HIGH (7.5) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GhozyLab Popup Builder easy-notify-lite allows PHP Local File Inclusion.This issue affects Popup Builder: from n/a through <= 1.1.35. Published: 2025-04-24T16:08:29.765Z Updated: 2026-05-12T00:13:43.900Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/easy-notify-lite/vulnerability/wordpress-popup-builder-1-1-35-local-file-inclusion-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-26882`	vulnerable	2026-06-08 07:14:50.613085	WordPress Popup Builder plugin <= 1.1.33 - Cross Site Scripting (XSS) vulnerability MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Popup Builder easy-notify-lite allows Stored XSS.This issue affects Popup Builder: from n/a through <= 1.1.33. Published: 2025-02-25T14:17:51.802Z Updated: 2026-04-28T16:11:41.238Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/easy-notify-lite/vulnerability/wordpress-popup-builder-plugin-1-1-33-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-14446`	vulnerable	2026-06-08 07:06:34.497895	Popup Builder <= 1.1.37 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Reset MEDIUM (5.4) The Popup Builder (Easy Notify Lite) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotify_cp_reset() function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset plugin settings to their default values. Published: 2025-12-13T04:31:34.148Z Updated: 2026-04-08T17:33:35.912Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/f67ab0cf-340d-4234-a857-1883f91c3ab6?source=cve https://plugins.trac.wordpress.org/browser/easy-notify-lite/trunk/inc/functions/enoty-functions.php#L304 https://plugins.trac.wordpress.org/browser/easy-notify-lite/tags/1.1.37/inc/functions/enoty-functions.php#L304 https://plugins.trac.wordpress.org/changeset/3418678/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.