5 matches found
WordPress Popup Builder <= 4.1.11 - Cross-Site Request Forgery
Sygnoos Popup Builder plugin = 4.1.11 for WordPress contains a cross-site request forgery caused by lack of CSRF protection in plugin settings update, letting attackers change settings without authorization, exploit requires victim to visit malicious site or click malicious link. id: CVE-2022-294...
CVE-2022-29495 WordPress Popup Builder plugin <= 4.1.11 - Cross-Site Request Forgery (CSRF) leading to plugin settings update
Cross-Site Request Forgery CSRF vulnerability in Sygnoos Popup Builder plugin = 4.1.11 at WordPress allows an attacker to update plugin settings...
CVE-2022-29495 WordPress Popup Builder plugin <= 4.1.11 - Cross-Site Request Forgery (CSRF) leading to plugin settings update
Cross-Site Request Forgery CSRF vulnerability in Sygnoos Popup Builder plugin = 4.1.11 at WordPress allows an attacker to update plugin settings...
CVE-2022-29495
Concisely: The WordPress plugin Sygnoos Popup Builder (WP Plugin: Popup Builder) is affected up to version 4.1.11 by a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to update plugin settings. The root cause is insufficient CSRF protection in settings update handling. Rep...
CVE-2022-29495
Cross-Site Request Forgery CSRF vulnerability in Sygnoos Popup Builder plugin = 4.1.11 at WordPress allows an attacker to update plugin settings...