Unauthorized Access Vulnerability in Popup Builder Plugin
CVE-2023-6696
Key Information:
- Vendor: WordPress
- CVE Published: 15 June 2024
Summary
The Popup Builder plugin for WordPress is susceptible to unauthorized access due to a fundamental flaw in various functions across all versions up to and including 4.3.1. Although some functions implement a nonce check, a nonce alone does not establish authorization: an attacker can easily retrieve a valid nonce from a logged-in user's profile page. As a consequence, authenticated users with the subscriber role can exploit this vulnerability to perform unauthorized actions such as deleting other subscribers and executing blind Server-Side Request Forgery (SSRF) attacks. WordPress site administrators should update to the latest version of the plugin to protect against these threats.
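The pattern the summary describes, a nonce check standing in for an authorization check, is easiest to see beside its hardened form. The following PHP is an added illustration and is not the Popup Builder plugin's own code; the handler and nonce names (`example_weak_delete_user`, `example_safe_delete_user`, `example_safe_fetch_url`, `example_nonce`) are hypothetical, while the WordPress API calls (`check_ajax_referer`, `current_user_can`, `wp_delete_user`, `wp_http_validate_url`, `wp_safe_remote_get`) are the real core functions.

```php
<?php
// Added illustration, not the Popup Builder plugin's own code.
// Two hypothetical admin-ajax handlers for the two actions the advisory
// names (deleting a user, fetching a remote URL): the weak form that relies
// on a nonce alone, and the hardened form that also checks capabilities.

// --- Weak pattern: nonce only -------------------------------------------
// A nonce only proves the request came from a page this site rendered for
// the current user. Any logged-in subscriber can obtain one, so it says
// nothing about whether that user is allowed to perform the action.
function example_weak_delete_user() {
    check_ajax_referer( 'example_nonce', 'nonce' ); // CSRF check only
    require_once ABSPATH . 'wp-admin/includes/user.php';
    $user_id = absint( $_POST['user_id'] ?? 0 );
    wp_delete_user( $user_id ); // any logged-in role reaches this line
    wp_send_json_success();
}

// --- Hardened pattern: nonce AND capability check -----------------------
function example_safe_delete_user() {
    check_ajax_referer( 'example_nonce', 'nonce' );
    // Authorization: only roles granted delete_users may continue.
    if ( ! current_user_can( 'delete_users' ) ) {
        wp_send_json_error( 'forbidden', 403 ); // calls wp_die()
    }
    $user_id = absint( $_POST['user_id'] ?? 0 );
    if ( ! $user_id || $user_id === get_current_user_id() || ! get_userdata( $user_id ) ) {
        wp_send_json_error( 'bad user id', 400 );
    }
    require_once ABSPATH . 'wp-admin/includes/user.php';
    wp_delete_user( $user_id );
    wp_send_json_success();
}

// Remote fetch: restrict to administrators and let wp_safe_remote_get()
// reject non-http(s) schemes and private/loopback addresses (the check
// wp_http_validate_url() performs), which is what blunts blind SSRF.
function example_safe_fetch_url() {
    check_ajax_referer( 'example_nonce', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $url = esc_url_raw( wp_unslash( $_POST['url'] ?? '' ) );
    if ( ! wp_http_validate_url( $url ) ) {
        wp_send_json_error( 'url not allowed', 400 );
    }
    $response = wp_safe_remote_get( $url, array( 'timeout' => 5 ) );
    if ( is_wp_error( $response ) ) {
        wp_send_json_error( $response->get_error_message(), 502 );
    }
    // Return only the status code; never echo the fetched body to the caller.
    wp_send_json_success( wp_remote_retrieve_response_code( $response ) );
}

// Registering with wp_ajax_ (rather than wp_ajax_nopriv_) still admits every
// logged-in role, which is why the capability check inside each handler is
// required; the nonce does not replace it.
add_action( 'wp_ajax_example_delete_user', 'example_safe_delete_user' );
add_action( 'wp_ajax_example_fetch_url',  'example_safe_fetch_url' );
```

When auditing a plugin for this class of bug, the question to ask of every `wp_ajax_`, REST, or `admin_post_` handler is whether a `current_user_can()` (or equivalent) check precedes the privileged operation; a `check_ajax_referer()` call on its own answers only the CSRF question.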
Affected Version(s)
Popup Builder – Create highly converting, mobile friendly marketing popups: all versions <= 4.3.1
References
CVSS V3.1
Timeline
Vulnerability published