Popup Manager by Cohhe

Popup Manager by Cohhe <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion

LANACOMMONVDB ID: 8b1c01fd-1370-49d9-b5b2-60f71745b699

The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check when deleting popups, which could allow unauthenticated users to delete them.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/popup-manager/

CVE: CVE-2022-4124

Attributes

Catgory: WordPress Plugin

Discovered: 2022-11-07

Published: 2022-11-28

Affected Version: <= 1.6.6

Classification

Type: Cross-Site Request Forgery (CSRF), Missing Authorization

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).