Lucene search
K

6 matches found

Nuclei
Nuclei
added yesterday12 views

WordPress Popup Builder < 4.0.7 - Remote Code Execution

Popup Builder WordPress plugin before 4.0.7 contains a local file inclusion caused by unsanitized 'sgpbtype' parameter in require statement, letting attackers include arbitrary local files or execute code via wrappers like PHAR, exploit requires attacker to control 'sgpbtype' parameter. id:...

8.8CVSS7.4AI score0.05365EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:37 p.m.6 views

CVE-2021-25082

The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpbtype parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via...

8.8CVSS6.6AI score0.05365EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2022/03/01 12:0 a.m.16 views

WordPress Popup Builder Plugin < 4.0.7 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sygnoos:popupbuilder"; if description...

8.8CVSS7.5AI score0.05839EPSS
Exploits4References2
OSV
OSV
added 2022/02/21 11:15 a.m.2 views

CVE-2021-25082

The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpbtype parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via...

8.8CVSS5.8AI score0.05365EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/02/21 10:45 a.m.38 views

CVE-2021-25082 Popup Builder < 4.0.7 - LFI to RCE

The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpbtype parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via...

8.8AI score0.05365EPSS
Exploits2References2
CVE
CVE
added 2022/02/21 10:45 a.m.120 views

CVE-2021-25082

CVE-2021-25082 affects the WordPress plugin Popup Builder, pre-4.0.7. A local file inclusion (LFI) exists due to unsanitized and unvalidated sgpb_type being used in a require statement. An attacker controllling the beginning of sgpb_type can leverage this to include arbitrary local files and pote...

8.8CVSS8.6AI score0.05365EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder