Lucene search
CVE-2022-0479
The Popup Builder WordPress plugin before 4.1.1 allows SQL injection and XSS attacks
Show more
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | Popup Builder < 4.1.1 - SQL Injection to Reflected Cross-Site Scripting | 7 Mar 202200:00 | – | wpvulndb |
 | Cross site scripting | 28 Mar 202218:15 | – | prion |
 | Popup Builder < 4.1.1 - SQL Injection to Reflected Cross-Site Scripting | 7 Mar 202200:00 | – | wpexploit |
 | CVE-2022-0479 | 28 Mar 202218:15 | – | nvd |
 | WordPress Popup Builder Plugin < 4.1.1 SQLi Vulnerability | 1 Apr 202200:00 | – | openvas |
 | WordPress Popup Builder plugin <= 4.1.0 - SQL Injection (SQLi) vulnerability to Reflected Cross-Site Scripting (XSS) | 7 Mar 202200:00 | – | patchstack |
 | Popup Builder Plugin - SQL Injection and Cross-Site Scripting | 6 Nov 202417:52 | – | nuclei |
 | WordPress Popup Builder plugin SQL Injection Vulnerability | 30 Mar 202200:00 | – | cnvd |
 | CVE-2022-0479 Popup Builder < 4.1.1 - SQL Injection to Reflected Cross-Site Scripting | 28 Mar 202217:22 | – | cvelist |
Node
[
{
"product": "Popup Builder – Create highly converting, mobile friendly marketing popups.",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.1.1",
"status": "affected",
"version": "4.1.1",
"versionType": "custom"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| sgpb-subscription-popup-id | query param | /wp-admin/edit.php | The parameter sgpb-subscription-popup-id is vulnerable to SQL injection which can also lead to XSS vulnerabilities. | CWE-89 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo28 Mar 2022 18:15Current
9.2High risk
Vulners AI Score9.2
CVSS27.5
CVSS39.8
EPSS0.06723