CVE-2023-6294

Name of the Vulnerable Software and Affected Versions Popup Builder WordPress plugin versions prior to 4.2.6

Description The issue concerns a lack of validation for a parameter, which could allow users with the administrator role to perform a Server-Side Request Forgery (SSRF) attack in Multisite WordPress configurations. This could potentially lead to file read vulnerabilities. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For versions prior to 4.2.6, update to version 4.2.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameter to minimize the risk of exploitation. Avoid using the vulnerable parameter in Multisite WordPress configurations until the issue is resolved.