PT-2023-21883 · WordPress · Wp Popup Banners

Joshua Martinelle

Publicado

2023-03-22

Atualizado

2023-03-28

CVE-2023-28661

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WP Popup Banners WordPress Plugin version <= 1.2.5

Description The issue is an authenticated SQL injection vulnerability. It affects the value parameter in the get popup data action.

Recommendations For WP Popup Banners WordPress Plugin version <= 1.2.5, consider updating to a version greater than 1.2.5 to resolve the issue. As a temporary workaround, restrict access to the get popup data action to minimize the risk of exploitation. Avoid using the value parameter in the affected action until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-28661

Produtos afetados

Wp Popup Banners

PT-2023-21883 · WordPress · Wp Popup Banners

CVE-2023-28661

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4