Vector Strings

Severity Score: 9.8
Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9

Access Vector (AV):
Access Complexity (AC):
Authentication (AU): NONE
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Published Date: 2022-03-28
Last Modified: 2022-04-04

CVE-2022-0479

About:
The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a malicious link

References

https://plugins.trac.wordpress.org/changeset/2686454
https://wpscan.com/vulnerability/0d2bbbaf-fbfd-4921-ba4e-684e2e77e816

Related CVEs

No related CVEs.

Empower Your Security Strategy with Rainforest

Discover vulnerabilities early, prioritize critical threats, and protect what truly matters. Rainforest streamlines your security operations, saving you time and reducing costs, so you can focus on what drives your business forward.

Book a Demo