Security Advisory

CVE-2021-25082

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-21 10:45:51

Last updated 2024-08-03 19:56:09

Assigner WPScan

State PUBLISHED

Description

The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR

← Browse all CVEs View on cve.org ↗