Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitFelipe de AvilaWPEX-ID:CA2E8FEB-15D6-4965-AD9C-8DA1BC01E0F4
HistoryJan 17, 2022 - 12:00 a.m.

Popup | Custom Popup Builder < 1.3.1 - Unauthenticated Denial of Service

2022-01-1700:00:00
Felipe de Avila
107

0.001 Low

EPSS

Percentile

48.5%

JSON

The plugin autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog

1) Create a popup (as admin) and access the popup page (as unauthenticated)

2) Send data on the form and intercept the request

3) In the request add a payload called theme_id with any amount of data you want and send it

4) At each pageview the data that was sent will be loaded

Complete POC: https://youtu.be/Do0mLUY9t9I

Related

cnvd 1
nvd 1
wpvulndb 1
patchstack 1
prion 1
cvelist 1
cve 1
cnvd
cnvd
WordPress Custom Popup Builde plugin denial of service vulnerability
2022-02-16 00:00:00
nvd
nvd
CVE-2022-0214
2022-02-14 12:15:16
wpvulndb
wpvulndb
Popup | Custom Popup Builder < 1.3.1 - Unauthenticated Denial of Service
2022-01-17 00:00:00
patchstack
patchstack
WordPress Popup | Custom Popup Builder plugin <= 1.3 - Unauthenticated Denial of Service (DoS) vulnerability
2022-01-17 00:00:00
prion
prion
Denial of service
2022-02-14 12:15:00
cvelist
cvelist
CVE-2022-0214 Popup | Custom Popup Builder < 1.3.1 - Unauthenticated Denial of Service
2022-02-14 09:21:10
cve
cve
CVE-2022-0214
2022-02-14 12:15:16

0.001 Low

EPSS

Percentile

48.5%

JSON
Related for WPEX-ID:CA2E8FEB-15D6-4965-AD9C-8DA1BC01E0F4
cnvd1nvd1wpvulndb1patchstack1prion1cvelist1cve1