CVE-2022-32289: WordPress Popup Builder plugin <= 4.1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Popup Status Change - Patchstack

Verified

Fixed

5.4

CVSS 3.1 score Medium severity

Monitoring Coming soon

PSID

de4f39bd2fdd

Classification

Cross Site Request Forgery (CSRF)

OWASP Top 10

A5: Broken Access Control

Publicly disclosed

2022-06-17

Details

Cross-Site Request Forgery (CSRF) vulnerability leading to Popup Status Change discovered by BEE-K (Patchstack) in WordPress Popup Builder plugin (versions <= 4.1.0).

Solution

Update the WordPress Popup Builder plugin to the latest available version (at least 4.1.1).

References

Changeset