Vulnerabilities > CVE-2022-0214 - Improper Validation of Specified Quantity in Input vulnerability in Custom Popup Builder Project Custom Popup Builder

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

custom-popup-builder-project

CWE-1284

NVD

Published: 2022-02-14

Updated: 2023-11-07

Summary

The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog

Vulnerable Configurations

Part	Description	Count
Application	Custom_Popup_Builder_Project Custom Popup Builder Project Custom Popup Builder - Custom Popup Builder Project Custom Popup Builder 0.5 Custom Popup Builder Project Custom Popup Builder 0.6 Custom Popup Builder Project Custom Popup Builder 0.7 Custom Popup Builder Project Custom Popup Builder 0.8 Custom Popup Builder Project Custom Popup Builder 1.0	6

Common Weakness Enumeration (CWE)

CWE-1284 - Improper Validation of Specified Quantity in Input

References

https://wpscan.com/vulnerability/ca2e8feb-15d6-4965-ad9c-8da1bc01e0f4