CVE-2025-13192

Name of the Vulnerable Software and Affected Versions Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress versions through 2.2.0

Description The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is susceptible to SQL Injection due to inadequate input sanitization and query preparation. This flaw exists in multiple REST API endpoints and allows unauthenticated attackers to inject SQL queries, potentially extracting sensitive data from the database. The issue was addressed in version 2.2.1 for unauthenticated users and fully resolved in version 2.2.3 for Administrator+ level users. The vulnerability affects the user supplied parameter within the REST API endpoints.

Recommendations Upgrade to version 2.2.1 or later for unauthenticated users. Upgrade to version 2.2.3 or later for Administrator+ level users.