The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/50037028-2790-47ee-aae1-faf0724eb917 | Exploit Third Party Advisory |
Configurations
History
03 Oct 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup |
28 Sep 2022, 16:37
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://wpscan.com/vulnerability/50037028-2790-47ee-aae1-faf0724eb917 - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:themehunk:wp_popup_builder:*:*:*:*:*:wordpress:*:* | |
First Time |
Themehunk
Themehunk wp Popup Builder |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
26 Sep 2022, 13:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-26 13:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-2405
Mitre link : CVE-2022-2405
CVE.ORG link : CVE-2022-2405
JSON object : View
Products Affected
themehunk
- wp_popup_builder