Security Advisory

CVE-2023-6294

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-12 16:06:01

Last updated 2025-04-24 15:43:33

Assigner WPScan

State PUBLISHED

Description

The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations.

← Browse all CVEs View on cve.org ↗