CVE-2026-3475 | instantpopupbuilder Instant Popup Builder Plugin up to 1.1.7 on WordPress Token handle_email_verification_page token/email authorization

Inserito da Angelo Barbosa | Mar 19, 2026 | CVE

A vulnerability classified as critical has been found in instantpopupbuilder Instant Popup Builder Plugin up to 1.1.7 on WordPress. This impacts the function handle_email_verification_page of the component Token Handler. This manipulation of the argument token/email causes missing authorization.

The identification of this vulnerability is CVE-2026-3475. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2026-3475 | instantpopupbuilder Instant Popup Builder Plugin up to 1.1.7 on WordPress Token handle_email_verification_page token/email authorization

Post correlati

CVE-2024-21095 | Oracle Primavera P6 Enterprise Project Portfolio Management Remote Code Execution

CVE-2024-2244 | Hitachi Energy Asset Suite EAM prior 9.6.3.13/9.6.4.1 REST Service improper authentication

CVE-2024-10619 | Tongda OA 2017 up to 11.10 next_detail.php repid sql injection

CVE-2025-4987 | Dassault Systèmes Project Portfolio Manager cross site scripting