WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Popup | Custom Popup Builder < 1.3.1 - Unauthenticated Denial of Service

Description

The plugin autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog

Proof of Concept

1) Create a popup (as admin) and access the popup page (as unauthenticated)

2) Send data on the form and intercept the request

3) In the request add a payload called theme_id with any amount of data you want and send it

4) At each pageview the data that was sent will be loaded

Complete POC: https://youtu.be/Do0mLUY9t9I

Affects Plugins

m-wp-popup
Fixed in version 1.3.1

References

CVE
CVE-2022-0214

Classification

Type

DOS

CWE
CWE-400

Miscellaneous

Original Researcher

Felipe de Avila

Submitter

Felipe de Avila

Verified

Yes

WPVDB ID
ca2e8feb-15d6-4965-ad9c-8da1bc01e0f4

Timeline

Publicly Published

2022-01-17 (about 5 months ago)

Added

2022-01-17 (about 5 months ago)

Last Updated

2022-04-12 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin