PT-2023-21883 · WordPress · Wp Popup Banners

Joshua Martinelle

Published

2023-03-22

Updated

2023-03-28

CVE-2023-28661

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WP Popup Banners WordPress Plugin version <= 1.2.5

Description The issue is an authenticated SQL injection vulnerability. It affects the value parameter in the get popup data action.

Recommendations For WP Popup Banners WordPress Plugin version <= 1.2.5, consider updating to a version greater than 1.2.5 to resolve the issue. As a temporary workaround, restrict access to the get popup data action to minimize the risk of exploitation. Avoid using the value parameter in the affected action until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2023-28661

Affected Products

Wp Popup Banners

PT-2023-21883 · WordPress · Wp Popup Banners

CVE-2023-28661

Weakness Enumeration

Related Identifiers

Affected Products

References · 4