CVE-2020-10195

Popup Builder <= 3.63 - Authenticated Settings Modification, Configuration Disclosure, and User Data Export

mediumExposure of Sensitive Information to an Unauthorized Actor

6.3

CVSS Score

6.3

CVSS Score

medium

Severity

3.64.1

Patched in

1412d

Time to patch

Description

The Popup Builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin's settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Low

Confidentiality

Low

Integrity

Low

Availability

Technical Details

Affected versions<=3.63

PublishedMarch 12, 2020

Last updatedJanuary 22, 2024

Affected pluginpopup-builder

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/a3a715b9-85df-46dd-9207-2066b6da9c43?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database