Lucene search
WPScanCVELIST:CVE-2022-0228HistoryFeb 21, 2022 - 10:46 a.m.
CVE-2022-0228 Popup Builder < 4.0.7 - Admin+ SQL Injection
2022-02-2110:46:06
CWE-89
WPScan
www.cve.org
3
cve-2022-0228
popup builder
wordpress plugin
sql injection
admin dashboard
EPSS
0.027
Percentile
90.7%
The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection
CNA Affected
[
{
"product": "Popup Builder – Create highly converting, mobile friendly marketing popups.",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.0.7",
"status": "affected",
"version": "4.0.7",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
Popup Builder < 4.0.7 - Admin+ SQL Injection
2022-01-24 00:00:00
prion
prion
Sql injection
2022-02-21 11:15:00
cve
cve
CVE-2022-0228
2022-02-21 11:15:09
nuclei
nuclei
Popup Builder < 4.0.7 - SQL Injection
2023-10-17 07:20:28
nvd
nvd
CVE-2022-0228
2022-02-21 11:15:09
wpexploit
wpexploit
Popup Builder < 4.0.7 - Admin+ SQL Injection
2022-01-24 00:00:00
patchstack
patchstack
WordPress Popup Builder plugin <= 4.0.6 - SQL Injection (SQLi) vulnerability
2022-01-24 00:00:00
openvas
openvas
WordPress Popup Builder Plugin < 4.0.7 Multiple Vulnerabilities
2022-03-01 00:00:00