5 matches found
WordPress Popup Builder Plugin < 4.0.7 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sygnoos:popupbuilder"; if description...
CVE-2022-0228
The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection...
CVE-2022-0228
The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection...
CVE-2022-0228 Popup Builder < 4.0.7 - Admin+ SQL Injection
The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection...
CVE-2022-0228
CVE-2022-0228 concerns the WordPress plugin Popup Builder prior to version 4.0.7. The authenticated admin pages fail to validate/escape the orderby and order parameters before building SQL statements in the admin dashboard, enabling a SQL injection (CWE-89). Several sources (NVD entry and Nuclei/...