Description

WordPress Plugin Popup Builder-Responsive WordPress Pop up-Subscription & Newsletter is prone to multiple vulnerabilities, including local file inclusion and security bypass vulnerabilities. Exploiting these issues could allow an attacker to obtain sensitive information that could aid in further attacks, or to perform otherwise restricted actions and subsequently delete/import subscribers or send out newsletters with custom content and sender. WordPress Plugin Popup Builder-Responsive WordPress Pop up-Subscription & Newsletter version 3.71 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.72 or latest

References

https://www.webarxsecurity.com/multiple-vulnerabilities-wordpress-plugin-popup-builder/

https://plugins.svn.wordpress.org/popup-builder/trunk/readme.txt

Related Vulnerabilities

OpenSSL Resource Management Errors Vulnerability (CVE-2016-6304)

Joomla! Core 1.5.x Multiple Vulnerabilities (1.5.0 - 1.5.9)

Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-39128)

MySQL CVE-2017-3461 Vulnerability (CVE-2017-3461)

Oracle JRE CVE-2022-21618 Vulnerability (CVE-2022-21618)

Severity

High

Classification

CWE-22 CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update