Lucene search
WPScanCVE-2022-4124HistoryDec 19, 2022 - 2:15 p.m.
CVE-2022-4124
2022-12-1914:15:12
CWE-352
CWE-862
WPScan
web.nvd.nist.gov
31
cve-2022-4124
popup manager
wordpress plugin
authorization
csrf
unauthenticated users
deletion
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
4.7
Confidence
High
EPSS
0.001
Percentile
39.7%
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them
Affected configurations
Node
popup_manager_projectpopup_managerRange≤1.6.6wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| popup_manager_project | popup_manager | * | cpe:2.3:a:popup_manager_project:popup_manager:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Popup Manager",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "1.6.6"
}
],
"defaultStatus": "affected"
}
]Related
wpvulndb
wpvulndb
Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion
2022-11-28 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2022-4124
2022-12-19 14:15:12
prion
prion
Cross site request forgery (csrf)
2022-12-19 14:15:00
wpexploit
wpexploit
Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion
2022-11-28 00:00:00
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
4.7
Confidence
High
EPSS
0.001
Percentile
39.7%
Related for CVE-2022-4124