CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-68508 – WordPress Brave plugin <= 0.8.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-68508
23 Dec 2025 — Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through <= 0.8.3. The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 0.8.3. This makes it possible for unauthenticated attackers to perform an u... • https://vdp.patchstack.com/database/Wordpress/Plugin/brave-popup-builder/vulnerability/wordpress-brave-plugin-0-8-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43337 – WordPress Brave plugin <= 0.7.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-43337
16 Aug 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.7.0. The Brave Popup Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.7.0. This is due to missing or incorrect nonce validation on the bravepop_ajax_zoho_init_token() function. This makes it possible for unauthenticated attackers to save an integration token via a forged request granted they can trick a site admini... • https://patchstack.com/database/vulnerability/brave-popup-builder/wordpress-brave-plugin-0-7-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30453 – WordPress Brave plugin <= 0.6.5 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-30453
28 Mar 2024 — Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.6.5. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Brave Brave Popup Builder. Este problema afecta a Brave Popup Builder: desde n/a hasta 0.6.5. The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.6.5. This makes i... • https://patchstack.com/database/vulnerability/brave-popup-builder/wordpress-brave-plugin-0-6-5-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •