Vulnerabilities > CVE-2022-28612 - Unspecified vulnerability in Custom Popup Builder Project Custom Popup Builder
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress.
Vulnerable Configurations
References
- https://patchstack.com/database/vulnerability/m-wp-popup/wordpress-custom-popup-builder-plugin-1-3-1-improper-access-control-vulnerability-leading-to-multiple-authenticated-stored-xss
- https://patchstack.com/database/vulnerability/m-wp-popup/wordpress-custom-popup-builder-plugin-1-3-1-improper-access-control-vulnerability-leading-to-multiple-authenticated-stored-xss
- https://wordpress.org/plugins/m-wp-popup/
- https://wordpress.org/plugins/m-wp-popup/