3 matches found
CVE-2022-4124
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them...
CVE-2022-4124 Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them...
CVE-2022-4124
CVE-2022-4124 affects the Popup Manager WordPress plugin up to version 1.6.6. Root cause: lack of authorization and CSRF checks when deleting popups, enabling unauthenticated users to delete them. Impact: unauthorized popup deletions. Exploitation: PoC demonstrates a POST to /wp-admin/admin-ajax....