4 matches found
CVE-2022-2405
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup...
CVE-2022-2405 WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup...
CVE-2022-2405
CVE-2022-2405 affects the WordPress WP Popup Builder plugin (versions prior to 1.2.9). The flaw is an authorization and CSRF weakness in an AJAX action, enabling any authenticated user (e.g., subscribers) to delete arbitrary popups. Affected component is the plugin’s AJAX endpoint lacking proper ...
CVE-2022-2405 WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup...