Popup Builder – Create highly converting, mobile friendly marketing popups.

Vulnerabilities 28Slug popup-builderLatest version 4.4.3WordPress.org →

Minimum safe version

4.4.3

Update to 4.4.3 or later to address 28 fixable vulnerabilities

Latest available4.4.3 ✓

Medium 6.4

2025-12-13< 4.4.2

Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

EUVD Wordfence CVE

Medium 5.3

2026-02-19< 4.4.3

CVE-2025-13079

CVE Wordfence

Medium 4.8

2024-12-12< 4.3.5

CVE-2024-9428

CVE Patchstack Wordfence

High 7.5

2024-08-29< 4.3.7

CVE-2024-2541

CVE Patchstack Wordfence

High 8.1

2024-06-15< 4.3.2

CVE-2023-6696

CVE Wordfence Patchstack

Medium 6.4

2024-06-15< 4.3.2

CVE-2024-2544

CVE Wordfence Patchstack

Medium 6.4

2024-06-03< 4.3.0

WordPress Popup Builder Plugin <= 4.2.7 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Wordfence

Medium 6.5

2024-03-27< 4.2.7

CVE-2024-30184

CVE Wordfence Patchstack WPScan

High 7.2

2024-02-12< 4.2.6

CVE-2023-6294

CVE Wordfence Patchstack WPScan

Medium 6.1

2024-01-01< 4.2.3

CVE-2023-6000

CVE Patchstack Wordfence WPScan

Medium 4.8

2023-09-26< 4.2.2

WordPress Popup Builder Plugin <= 4.1.15 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Wordfence WPScan

N/A

2021-01-28< 3.72

Popup Builder <= 3.72 Missing Authorization on AJAX actions

Wordfence

Medium 5.4

2022-07-22< 4.1.12

CVE-2022-29495

CVE Patchstack Wordfence WPScan

Medium 4.8

2022-07-11< 4.1.11

CVE-2022-1894

CVE Patchstack Wordfence WPScan

Medium 5.4

2022-07-21< 4.1.11

CVE-2022-32289

CVE Patchstack Wordfence WPScan

N/A

2019-08-06< 3.45

WordPress Popup Builder plugin <= 3.44 - SQL Injection (SQLi) vulnerability

Patchstack

N/A

2020-12-14< 3.69.7

WordPress Popup Builder plugin <= 3.69.6 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities

Patchstack

N/A

2021-01-28< 3.72

WordPress Popup Builder plugin <= 3.71 - Authenticated Newsletter Send With Custom Content And Sender vulnerability

Patchstack

N/A

2021-01-28< 3.72

WordPress Popup Builder plugin <= 3.71 - Authenticated Deleting/Importing Subscribers vulnerability

Patchstack

N/A

2021-01-28< 3.72

WordPress Popup Builder plugin <= 3.71 - Authenticated Local File Inclusion (LFI) vulnerability

Patchstack

Critical 9.8

2022-03-28< 4.1.1

CVE-2022-0479

CVE Patchstack Wordfence WPScan

Critical 9.8

2019-08-06< 3.45

CVE-2019-14695

CVE Wordfence WPScan

Critical 9.8

2020-02-17< 3.0.2

CVE-2020-9006

CVE Patchstack Wordfence WPScan

Medium 6.1

2020-03-13< 3.64.1

CVE-2020-10196

CVE Wordfence

Medium 6.3

2020-03-13< 3.64.1

CVE-2020-10195

CVE Wordfence WPScan

Medium 6.1

2021-04-05< 3.74

CVE-2021-24152

CVE Wordfence WPScan

High 8.8

2025-10-03< 4.1.1

CVE-2021-25082

EUVD CVE Patchstack Wordfence WPScan

High 7.2

2022-02-21< 4.1.1

CVE-2022-0228

CVE Patchstack Wordfence WPScan