Browse all 4 CVE security advisories affecting Popup Maker. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Popup Maker is a WordPress plugin for creating custom popups and modals. Historically, it has been vulnerable to multiple security issues including stored cross-site scripting (XSS) through improper input sanitization, arbitrary file deletion leading to privilege escalation, and remote code execution via unsafe deserialization. The plugin's four recorded CVEs highlight risks from insufficient access controls and insecure data handling. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities in a popular plugin with over 1 million active installations makes it a persistent target for attackers seeking to exploit WordPress sites.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-45819 | WordPress Popup Maker plugin <= 1.17.1 - Broken Access Control vulnerability — Popup MakerCWE-862 | 3.5 | Low | 2024-12-13 |
| CVE-2024-34770 | WordPress Popup Maker WP plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability — Popup Maker WPCWE-79 | 6.5 | Medium | 2024-06-03 |
| CVE-2022-47597 | WordPress Popup Maker Plugin <= 1.17.1 is vulnerable to Sensitive Data Exposure — Popup Maker – Popup for opt-ins, lead gen, & moreCWE-200 | 5.3 | Medium | 2023-12-20 |
| CVE-2017-2284 | WordPress Popup Maker 跨站脚本漏洞 — Popup Maker | 6.1 | - | 2017-08-02 |
This page lists every published CVE security advisory associated with Popup Maker. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.