Vulnerabilities > CVE-2022-4124 - Missing Authorization vulnerability in Popup Manager Project Popup Manager 1.6.6

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

popup-manager-project

CWE-862

NVD

Published: 2022-12-19

Updated: 2023-11-07

Summary

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them

Vulnerable Configurations

Part	Description	Count
Application	Popup_Manager_Project Popup Manager Project Popup Manager 1.6.6	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://wpscan.com/vulnerability/60786bf8-c0d7-4d80-b189-866aba79bce2