6 matches found
WordPress Popup Builder < 4.0.7 - Remote Code Execution
Popup Builder WordPress plugin before 4.0.7 contains a local file inclusion caused by unsanitized 'sgpbtype' parameter in require statement, letting attackers include arbitrary local files or execute code via wrappers like PHAR, exploit requires attacker to control 'sgpbtype' parameter. id:...
CVE-2021-25082
The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpbtype parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via...
WordPress Popup Builder Plugin < 4.0.7 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sygnoos:popupbuilder"; if description...
CVE-2021-25082
The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpbtype parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via...
CVE-2021-25082 Popup Builder < 4.0.7 - LFI to RCE
The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpbtype parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via...
CVE-2021-25082
CVE-2021-25082 affects the WordPress plugin Popup Builder, pre-4.0.7. A local file inclusion (LFI) exists due to unsanitized and unvalidated sgpb_type being used in a require statement. An attacker controllling the beginning of sgpb_type can leverage this to include arbitrary local files and pote...