2 matches found
CVE-2024-2008 Modal Popup Box – Popup Builder, Show Offers And News in Popup <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode
The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awlmodalpopupboxshortcode function. This makes it possible for authenticated...
WordPress Modal Popup Box Plugin <= 1.5.2 is vulnerable to PHP Object Injection
Software Modal Popup Box Type Plugin Vulnerable versions = 1.5.2 Fixed in 1.5.3 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2008 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 963c409562cd Credits Francesco Carlucci Required privilege...