Описание
The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions, such as deleting subscribers, and importing subscribers to conduct stored cross-site scripting attacks.
Ссылки
- Patch
- PatchThird Party Advisory
- Patch
- PatchThird Party Advisory
Уязвимые конфигурации
EPSS
7.4 High
CVSS3
6.4 Medium
CVSS3
Дефекты
Связанные уязвимости
The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions, such as deleting subscribers, and importing subscribers to conduct stored cross-site scripting attacks.
EPSS
7.4 High
CVSS3
6.4 Medium
CVSS3