First published: Mon Feb 21 2022
The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to an RCE vulnerability via wrappers such as PHAR.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Sygnoos Popup Builder | <4.0.7 |
The vulnerability ID for the Popup Builder WordPress plugin issue is CVE-2021-25082.
CVE-2021-25082 has a severity rating of 8.8 (High).
CVE-2021-25082 affects the Popup Builder plugin before 4.0.7.
The CWE ID for the Popup Builder vulnerability is CWE-22.
To fix the Popup Builder vulnerability, update the plugin to version 4.0.7 or later.
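A log check for the issue described above, as an added example that is not part of the original advisory or the plugin's code: it scans access log lines for sgpb_type values that carry a stream wrapper or path characters. It assumes the parameter appears in the query string of combined-format log lines and that legitimate values are short identifier-like tokens; the sample lines, request paths and values are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate sgpb_type values are short identifier-like tokens.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
WRAPPER = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")  # e.g. phar://
# Request target inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (addresses, paths and values are illustrative).
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Feb/2022:10:00:01 +0000] "GET /wp-admin/admin.php?sgpb_type=html HTTP/1.1" 200 512',
    '203.0.113.9 - - [21/Feb/2022:10:00:07 +0000] "GET /wp-admin/admin.php?sgpb_type=phar%3A%2F%2Fexample HTTP/1.1" 500 0',
    '203.0.113.9 - - [21/Feb/2022:10:00:09 +0000] "GET /wp-admin/admin.php?sgpb_type=..%2F..%2Fexample HTTP/1.1" 500 0',
    '203.0.113.5 - - [21/Feb/2022:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 900',
]

def classify(value):
    """Return a reason if the value looks like an inclusion attempt, else None."""
    if SAFE_VALUE.match(value):
        return None
    if WRAPPER.match(value):
        return "stream wrapper"
    if ".." in value:
        return "path traversal"
    if "/" in value or "\\" in value or "\x00" in value:
        return "path characters"
    return "unexpected characters"

def scan(lines):
    """Return (line_number, decoded_value, reason) for suspicious sgpb_type values."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qs percent-decodes once, so encoded separators are caught too.
        for value in parse_qs(query, keep_blank_values=True).get("sgpb_type", []):
            reason = classify(value)
            if reason:
                findings.append((n, value, reason))
    return findings

if __name__ == "__main__":
    for n, value, reason in scan(SAMPLE_LOG):
        print(f"line {n}: sgpb_type={value!r} ({reason})")
```

Values sent in a POST body do not appear in access logs, so a clean result here does not rule out earlier requests against a version before 4.0.7.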