PT-2026-20591 · WordPress · Popup Builder

Rafshanzani Suhada

·

Publicado

2026-02-19

·

Atualizado

2026-02-23

·

CVE-2025-13079

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Popup Builder – Create highly converting, mobile friendly marketing popups. versions prior to 4.4.3
Description The Popup Builder plugin for WordPress is susceptible to authorization bypass. This occurs because the plugin generates predictable unsubscribe tokens using deterministic data. An unauthenticated attacker can unsubscribe arbitrary subscribers from mailing lists by brute-forcing the unsubscribe token, provided they know the victim's email address.
Recommendations Versions prior to 4.4.3 should be updated.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-1241

Identificadores relacionados

CVE-2025-13079

Produtos afetados

Popup Builder