WordPress Plugin Vulnerabilities

Popup Builder < 4.1.12 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
popup-builder
Fixed in 4.1.12

References

CVE
CVE-2022-29495

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
ca0f90ef-af9a-4628-9032-b536a0e6cd9b

Timeline

Publicly Published
2022-06-30 (about 3 years ago)
Added
2022-07-24 (about 3 years ago)
Last Updated
2023-04-20 (about 3 years ago)

Other

Published
Title
Published
2025-12-20
Title
SEO Search < 1.2 - Cross-Site Request Forgery
Published
2025-06-19
Title
Knowledge Base – Knowledge Base Maker <= 1.1.8 - Cross-Site Request Forgery
Published
2025-01-03
Title
Scratch & Win – Giveaways and Contests < 2.8.0 - Cross-Site Request Forgery via reset_installation Function
Published
2026-01-23
Title
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity < 2.5.3 - Cross-Site Request Forgery to Survey Renaming
Published
2025-03-06
Title
Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins < 2.0.60 - Cross-Site Request Forgery to Stored Cross-Site Scripting