CVE-2022-2405

The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup
References
Configurations

Configuration 1

cpe:2.3:a:themehunk:wp_popup_builder:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-09-26 01:15

Updated : 2022-10-29 02:52


NVD link : CVE-2022-2405

Mitre link : CVE-2022-2405

Products Affected
No products.