Описание
The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.2.6 (исключая)
cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 55%
0.00328
Низкий
7.2 High
CVSS3
7.5 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.5
github
почти 2 года назад
The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations.
EPSS
Процентиль: 55%
0.00328
Низкий
7.2 High
CVSS3
7.5 High
CVSS3
Дефекты
CWE-22