CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29495 – WordPress Popup Builder plugin <= 4.1.11 - Cross-Site Request Forgery (CSRF) leading to plugin settings update
https://notcve.org/view.php?id=CVE-2022-29495
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el plugin Sygnoos Popup Builder versiones anteriores a 4.1.11 incluyéndola, en WordPress que permite a un atacante actualizar la configuración del plugin The "Popup Builder – Create highly converting, mobile friendly marketing popups." plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.11. This is due to missing or incorrect nonce validation on the saveSettings() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/popup-builder/wordpress-popup-builder-plugin-4-1-11-cross-site-request-forgery-csrf-leading-to-plugin-settings-update https://wordpress.org/plugins/popup-builder/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1894 – Popup Builder < 4.1.11 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1894
The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltred_html is disallowed El plugin Popup Builder de WordPress versiones anteriores a 4.1.11 no escapa ni sanea algunos parámetros, lo que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting Almacenado cuando el unfiltred_html no está permitido The Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled. • https://wpscan.com/vulnerability/68af14ef-ca66-40d6-a1e5-09f74e2cd971 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32289 – WordPress Popup Builder plugin <= 4.1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Popup Status Change
https://notcve.org/view.php?id=CVE-2022-32289
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el plugin Sygnoos Popup Builder versiones anteriores a 4.1.0 incluyéndola, en WordPress conllevando a un cambio de estado de las ventanas emergentes The Popup Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.0. This is due to missing nonce validation on thechangePopupStatus() function. This makes it possible for unauthenticated attackers to change a popup's status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/popup-builder/wordpress-popup-builder-plugin-4-1-0-cross-site-request-forgery-csrf-vulnerability-leading-to-popup-status-change https://wordpress.org/plugins/popup-builder/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2022-0479 – Popup Builder < 4.1.1 - SQL Injection to Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0479
The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a malicious link El plugin Popup Builder de WordPress versiones anteriores a 4.1.1, no sanea ni escapa del parámetro sgpb-subscription-popup-id antes de usarlo en una sentencia SQL en el panel de administración de All Subscribers, conllevando a una inyección SQL, que también podría usarse para llevar a cabo un ataque de tipo Cross-Site Scripting Reflejado contra un administrador conectado que abra un enlace malicioso • https://plugins.trac.wordpress.org/changeset/2686454 https://wpscan.com/vulnerability/0d2bbbaf-fbfd-4921-ba4e-684e2e77e816 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25082 – Popup Builder < 4.0.7 - LFI to RCE
https://notcve.org/view.php?id=CVE-2021-25082
The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR El plugin Popup Builder de WordPress versiones anteriores a 4.0.7, no comprueba ni sanea el parámetro sgpb_type antes de usarlo en una sentencia require, lo que conlleva un problema de inclusión de archivos locales. Además, dado que el comienzo de la cadena puede ser controlado, el problema puede conllevar a una vulnerabilidad RCE por medio de wrappers como PHAR • https://plugins.trac.wordpress.org/changeset/2659117 https://wpscan.com/vulnerability/0f90f10c-4b0a-46da-ac1f-aa6a03312132 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •