VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 4 known issues Latest disclosed Apr 16, 2024

Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions Vulnerabilities

Review known vulnerability records for the WordPress plugin Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions (`popup-anything-on-click`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-32601, CVE-2022-38077 and CVE-2022-2115, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
4
High or Critical
0
Patch Coverage
100%
Last Updated
Apr 23, 2024
Priority CVE Quick Links

Fast paths into Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
4
CVE-2022-2115 Medium 2.1.7
CVE-2022-2115 Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions Cross-Site Scripting

Popup Anything – A Marketing Popup and Lead Generation Conversions <= 2.1.6 - Reflected Cross-Site Scripting

CVE-2021-24883 Medium 2.0.4
CVE-2021-24883 Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions Stored Cross-Site Scripting

Popup Anything <= 2.0.3 - Contributor+ Stored Cross-Site Scripting

CVE-2024-32601 Medium 2.8.1
CVE-2024-32601 Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions Vulnerability

Popup Anything <= 2.8.0 - Missing Authorization

CVE-2022-38077 Medium 2.2.2
CVE-2022-38077 Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions Cross-Site Request Forgery

WP OnlineSupport, Essential Plugin Popup Anything <= 2.2.1 - Cross Site Request Forgery

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
4 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2024-32601, CVE-2022-38077 and CVE-2022-2115
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-32601
CVE-2024-32601: Popup Anything <= 2.8.0 - Missing Authorization

The Popup Anything – Popup for opt-ins and Lead Generation Conversions plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the popupaoc_render_popup_preview() function in all versions up to, and including, 2.8.0. This makes it po...

Published
Apr 16, 2024
Patched Release
2.8.1
Affected Versions
Versions up to 2.8.0
Next Step
Update to 2.8.1 or newer if supported.
Open CVE-2024-32601 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-38077
CVE-2022-38077: WP OnlineSupport, Essential Plugin Popup Anything <= 2.2.1 - Cross Site Request Forgery

The WP OnlineSupport, Essential Plugin Popup Anything plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.1. This is due to missing nonce validation on the popupaoc_register_settings() function. This makes it possible for unauthe...

Published
Mar 28, 2023
Patched Release
2.2.2
Affected Versions
Versions before 2.2.2
Next Step
Update to 2.2.2 or newer if supported.
Open CVE-2022-38077 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-2115
CVE-2022-2115: Popup Anything – A Marketing Popup and Lead Generation Conversions <= 2.1.6 - Reflected Cross-Site Scripting

The Popup Anything – A Marketing Popup and Lead Generation Conversions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via a custom key parameter in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it...

Published
Jul 04, 2022
Patched Release
2.1.7
Affected Versions
Versions up to 2.1.6
Next Step
Update to 2.1.7 or newer if supported.
Open CVE-2022-2115 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-24883
CVE-2021-24883: Popup Anything <= 2.0.3 - Contributor+ Stored Cross-Site Scripting

The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks

Published
Oct 25, 2021
Patched Release
2.0.4
Affected Versions
Versions up to 2.0.3
Next Step
Update to 2.0.4 or newer if supported.
Open CVE-2021-24883 Report Open CVE Reference