Lucene search
HistoryDec 19, 2022 - 2:15 p.m.
CVE-2022-4124
cve-2022-4124
popup manager
wordpress plugin
authorization
csrf
unauthenticated users
deletion
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.3%
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them
Affected configurations
Node
popup_manager_projectpopup_managerRange≤1.6.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| popup_manager_project | popup_manager | * | cpe:2.3:a:popup_manager_project:popup_manager:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Popup Manager",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "1.6.6"
}
],
"defaultStatus": "affected"
}
]Related
wpexploit
wpexploit
Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion
2022-11-28 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-12-19 14:15:00
wpvulndb
wpvulndb
Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion
2022-11-28 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2022-4124
2022-12-19 14:15:12
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.3%
Related for CVE-2022-4124