CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2404 – WP Popup Builder < 1.2.9 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2404
05 Sep 2022 — The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting El plugin WP Popup Builder de WordPress antes de la versión 1.2.9 no sanea y escapa de un parámetro antes de devolverlo a la página, lo que lleva a un Reflected Cross-Site Scripting The WP Popup Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.8 due to insufficient input... • https://wpscan.com/vulnerability/0d889dde-b9d5-46cf-87d3-4f8a85cf9b98 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2405 – WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion
https://notcve.org/view.php?id=CVE-2022-2405
05 Sep 2022 — The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup El plugin WP Popup Builder WordPress antes de la versión 1.2.9 no dispone de autorización y comprobación CSRF en una acción AJAX, lo que permite a cualquier usuario autentificado, como los suscriptores, eliminar Popups arbitrarios The WP Popup Builder plugin for WordPress is vulnerable to authentication bypass in vers... • https://wpscan.com/vulnerability/50037028-2790-47ee-aae1-faf0724eb917 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •