CVE-2021-25082

The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR
References
Link Resource
https://wpscan.com/vulnerability/0f90f10c-4b0a-46da-ac1f-aa6a03312132 Exploit Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2659117 Release Notes Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-02-21 11:15

Updated : 2022-02-28 08:37


NVD link : CVE-2021-25082

Mitre link : CVE-2021-25082

Products Affected
No products.
CWE