MeldSecurity
Press Enter to search
CVE Database & Search โ†’
Sign In Get Started

CVE-2025-13192

๐Ÿ”ด HIGH

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints i...

Published
Feb 05, 2026
Last Modified
Feb 05, 2026
Views
6
Bookmarks
0

Description

Request Expert Review

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Vulnerability was patched in version 2.2.1 for unauthenticated users, and fully patched in version 2.2.3 for Administrator+ level users.

CVSS Scores

CVSS 3.1 8.2
8.2
HIGH
CVSS 2.0 8.2

References

plugins.trac.wordpress.org plugins.trac.wordpress.org plugins.trac.wordpress.org plugins.trac.wordpress.org plugins.trac.wordpress.org plugins.trac.wordpress.org www.wordfence.com

Additional Information

Source
security@wordfence.com
State
Received

Related CVEs

CVE-2025-10314

HIGH

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attack...

Score: 8.8

CVE-2025-11730

HIGH

A postโ€‘authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V...

Score: 7.2

CVE-2026-1898

MEDIUM

A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component L...

Score: 6.3

CVE-2026-1897

MEDIUM

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of t...

Score: 4.3

CVE-2026-1896

MEDIUM

A vulnerability has been found in WeKan up to 8.20. Affected by this vulnerability is the function ComprehensiveBoardMigration of the file server/migr...

Score: 6.3

CVE-2019-25288

HIGH

Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privi...

Score: 7.8

Share CVE-2025-13192

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-13192 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis