PT-2022-9638 · WordPress · Popup Builder
Jrxnm
+1
·
Published
2022-02-21
·
Updated
2025-12-18
·
CVE-2021-25082
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Popup Builder WordPress plugin versions prior to 4.0.7
Description
The Popup Builder WordPress plugin does not properly check and clean the
sgpb type parameter before it is used in a require statement. This can lead to a Local File Inclusion issue. Because the start of the input string can be controlled, this issue can also lead to Remote Code Execution (RCE) through the use of wrappers like PHAR.Recommendations
Update to Popup Builder WordPress plugin version 4.0.7 or later.
Exploit
Fix
RCE
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Popup Builder