WordPress Popup Maker plugin <= 1.17.1 - Broken Access Control vulnerability
CVE-2022-45819

3.5LOW

Key Information:

Vendor: WordPress
Status: Popup Maker
Vendor: CVE Published:; 13 December 2024

Summary

A missing authorization vulnerability exists in Popup Maker, which may lead to the exploitation of incorrectly configured access control security levels. This flaw can allow unauthorized users to gain access to functionality intended for admin users, potentially leading to unauthorized actions on the platform. Users of Popup Maker versions up to 1.17.1 are advised to review their security settings and apply necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Popup Maker <= 1.17.1

References

https://patchstack.com/database/wordpress/plugin/popup-ma...

vdb-entry

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Nov 23, 2022

Credit

István Márton (Patchstack Alliance)