Log out
Get PRO

Latest

Input validation vulnerability in Popup Maker – Popup for opt-ins, lead gen, & more 1.18.0

  • Severity: medium-risk
  • Status: Fixed
  • Publication: March 8, 2023

The Popup Maker plugin for WordPress is vulnerable to a type of attack called Cross-Site Request Forgery. This means that, in versions of the plugin up to and including version 1.18.0, the plugin does not have the necessary protection in place to prevent attackers from making requests to the plugin that could potentially harm the website. In this case, an attacker could send a request to the plugin to flush the popup cache, if they manage to trick a website administrator into clicking on a malicious link.

Detected in:

Popup Maker – Boost Sales & Grow Optin Subscribers with Customizable WP Popups fixed vulnerable versions:
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder fixed vulnerable versions:
Popup Maker – Popup for opt-ins, lead gen, & more fixed vulnerable versions: >= * <= 1.18.0
Popup Maker – The Best WordPress popup plugin for boosting sales & growing subsribers fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.