CVE-2022-2405

Name of the Vulnerable Software and Affected Versions WP Popup Builder versions prior to 1.2.9

Description The issue concerns a lack of authorization and CSRF check in an AJAX action within the WP Popup Builder WordPress plugin. This allows any authenticated users, such as subscribers, to delete arbitrary popups.

Recommendations For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action or disabling it until a patch is available.