2 matches found
CVE-2022-0214
The CVE-2022-0214 issue affects the WordPress plugin “Custom Popup Builder” prior to v1.3.1. The popup data autoloads on every page and can be populated by unauthenticated input, with length not being validated, enabling a denial of service on the blog. Affected software: WordPress Custom Popup B...
CVE-2022-28612
Affected software: WordPress + Muneeb’s Custom Popup Builder plugin (versions ≤ 1.3.1). Vulnerability: Improper access control enabling multiple authenticated users (contributor or higher) to trigger stored Cross‑Site Scripting (XSS). Root cause is insufficient authorization/sanitization of input...