WordPress Plugin Vulnerabilities

Popup Builder < 4.1.1 - Popup Status Change via CSRF

Description

The plugin does not have CSRF check in place when updating Popup status, which could allow attackers to make a logged in admin update them via a CSRF attack

Affects Plugins

Plugin icon
popup-builder
Fixed in 4.1.1

References

CVE
CVE-2022-32289

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
BEE-K
Verified
No
WPVDB ID
f0e39557-fe07-4df0-8cc3-4d292f1f545d

Timeline

Publicly Published
2022-06-17 (about 3 years ago)
Added
2022-07-25 (about 3 years ago)
Last Updated
2022-08-25 (about 3 years ago)

Other

Published
Title
Published
2025-04-24
Title
Wp Custom CMS Block <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-09-05
Title
Add to Feedly <= 1.2.11 - Cross-Site Request Forgery
Published
2025-02-13
Title
Simple Documentation <= 1.2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2021-02-17
Title
eCommerce Product Catalog < 3.0.18 - CSRF Nonce Bypass
Published
2015-05-26
Title
WP Fastest Cache < 0.8.3.5 - Multiple CSRF