PT-2020-11968 · WordPress · Popup Builder

Ramuel Gall · Published 2020-03-13 · Updated 2025-05-07 · CVE-2020-10195

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: popup-builder plugin versions prior to 3.64.1
Description: The issue allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions handled in com/classes/Actions.php. By sending a POST request to "wp-admin/admin-post.php", an authenticated attacker with minimal permissions can modify the plugin's settings to allow arbitrary roles access to plugin functionality (action parameter "sgpbSaveSettings"), export a list of current newsletter subscribers (action parameter "csv_file"), or obtain system configuration information including webserver configuration and a list of installed plugins (action parameter "sgpb_system_info"). The handlers for these actions do not verify that the requesting user holds the capability the action requires.
Recommendations: For versions prior to 3.64.1, update to version 3.64.1 or later to resolve the issue. As a temporary workaround until the patch is applied, consider restricting access to the "wp-admin/admin-post.php" endpoint or disabling the "sgpbSaveSettings", "csv_file" and "sgpb_system_info" actions. Restrict access to the com/classes/Actions.php file to minimize the risk of exploitation. Avoid using the action parameter in the affected endpoint until the issue is resolved.
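As an added illustration of the missing authorization the record describes (example code written here, not Popup Builder's own code nor its fix; the handler, option and nonce names are assumptions), a WordPress admin-post handler that checks capability and nonce before it changes any setting:

```php
<?php
// Added example, not the plugin's code. In WordPress, a request to
// wp-admin/admin-post.php with action=sgpbSaveSettings (query string or POST body)
// fires the hook 'admin_post_sgpbSaveSettings' for ANY logged-in user, whatever
// their role. Authorization therefore has to happen inside the handler itself.
add_action( 'admin_post_sgpbSaveSettings', 'example_save_settings_handler' );

function example_save_settings_handler() {
    // 1. Capability check: only users who may manage site options can decide
    //    which roles get access to the plugin. A subscriber account fails here.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 'Forbidden', array( 'response' => 403 ) );
    }

    // 2. CSRF check: the submitting form must carry a nonce bound to this action.
    //    'example_save_settings' / 'example_nonce' are assumed names.
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    // 3. Input validation: accept only role slugs that exist on this site, so the
    //    stored setting can never name a role the site does not define.
    $requested = isset( $_POST['allowed_roles'] ) ? (array) $_POST['allowed_roles'] : array();
    $valid     = array_keys( wp_roles()->roles );
    $allowed   = array_values( array_intersect( array_map( 'sanitize_key', $requested ), $valid ) );

    // 'example_plugin_allowed_roles' is an assumed option name.
    update_option( 'example_plugin_allowed_roles', $allowed );

    wp_safe_redirect( admin_url( 'admin.php?page=example-plugin&updated=1' ) );
    exit;
}

// Read side: any feature gated by the stored roles should still re-check the
// current user, rather than trusting the option alone.
function example_user_may_use_plugin() {
    if ( current_user_can( 'manage_options' ) ) {
        return true;
    }
    $allowed = (array) get_option( 'example_plugin_allowed_roles', array() );
    $user    = wp_get_current_user();
    return (bool) array_intersect( $user->roles, $allowed );
}
```

The same two checks (capability, then nonce) belong at the top of every admin-post handler that exports data or reveals configuration, such as a subscriber CSV export or a system-information dump.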

Tags: Exploit · Fix · LPE · Information Disclosure

Related Identifiers: CVE-2020-10195

Affected Products: Popup Builder