Lucene search
HistorySep 26, 2022 - 1:15 p.m.
CVE-2022-2405
wordpress
popup
authorization
csrf
deletion
security
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
21.4%
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup
Affected configurations
Node
themehunkwp_popup_builderRange<1.2.9wordpress
Related
cve
cve
CVE-2022-2405
2022-09-26 13:15:10
cnvd
cnvd
WordPress WP Popup Builder licensing issue vulnerability
2022-09-28 00:00:00
wpexploit
wpexploit
WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion
2022-09-05 00:00:00
wpvulndb
wpvulndb
WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion
2022-09-05 00:00:00
patchstack
patchstack
cvelist
cvelist
prion
prion
Cross site request forgery (csrf)
2022-09-26 13:15:00
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
21.4%
Related for NVD:CVE-2022-2405