Lucene search

K
cve[email protected]CVE-2023-6294
HistoryFeb 12, 2024 - 4:15 p.m.

CVE-2023-6294

2024-02-1216:15:08
web.nvd.nist.gov
47
popup builder
wordpress
plugin
ssrf
security vulnerability
cve-2023-6294

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.8%

The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations.

Affected configurations

Vulners
Node
sygnoospopup_builderRange<4.2.6
VendorProductVersionCPE
sygnoospopup_builder*cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Popup Builder",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.2.6"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.8%

Related for CVE-2023-6294