4 matches found
CVE-2020-9006
The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection in the sgImportPopups function in sgpopupajax.php via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator...
Exploit for Deserialization of Untrusted Data in Sygnoos Popup_Builder
CVE-2020-9006: Wordpress Popup-Builder Plugin Exploit Usage:...
CVE-2020-9006
The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection in the sgImportPopups function in sgpopupajax.php via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator...
CVE-2020-9006
Summary: WordPress Popup Builder plugin versions 2.2.8–2.6.7.6 are vulnerable to SQL injection via PHP deserialization in sg_popup_ajax.php (sgImportPopups) using the attachmentUrl POST data. This can allow an attacker to create an arbitrary WordPress Administrator account, enabling possible Remo...