CVE-2022-29495 MEDIUM

CVE-2022-29495: WordPress Popup Builder plugin <= 4.1.11 - Cross-Site Request Forgery (CSRF) leading to plugin settings update

Vendor Sygnoos
Product Popup Builder (WordPress plugin)
Weakness CWE-352 · CSRF
Published July 22, 2022
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings.

Key dates

02Disclosure timeline

July 22, 2022 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-49341 WordPress PDF Creator Lite plugin <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-51484 Insufficient Validation in Controllers (Activation/Deactivation) in Ampache CVE-2025-3064 WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function CVE-2025-31482 FreshRSS vulnerable to DoS by malicious feed entry loading logout URL CVE-2020-36757 WP Hotel Booking <= 1.10.1 - Cross-Site Request Forgery Bypass