Security Advisory

CVE-2022-0479

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-28 17:22:51

Last updated 2024-08-02 23:32:45

Assigner WPScan

State PUBLISHED

Description

The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a malicious link

← Browse all CVEs View on cve.org ↗