CVE-2022-0228

Name of the Vulnerable Software and Affected Versions Popup Builder WordPress plugin versions prior to 4.0.7

Description The issue is related to the lack of protection against SQL query structure exploitation when handling orderby and order parameters in the admin-post.php script of the Popup Builder plugin for WordPress. This could allow a remote attacker to execute arbitrary SQL code. The vulnerability can be exploited by high privilege users to perform SQL injection, potentially leading to unauthorized data access or modification.

Recommendations For versions prior to 4.0.7, update to version 4.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin dashboard and limiting the privileges of users who can access the Popup Builder plugin to minimize the risk of exploitation. Avoid using the orderby and order parameters in the affected SQL statements until the issue is resolved.