[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fO6rOvAa41k9dDiAX1We0Cfke0ndZN-ADKb1Zzq-8QY0":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-ec0fff2a-602d-441b-89d1-64d609a4abc0-popup-builder","popup-builder-missing-authorization-on-ajax-actions","Popup Builder \u003C= 3.72 Missing Authorization on AJAX actions","The Popup Builder plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 3.71 due to missing capability checks on various actions called via AJAX. This makes it possible for attackers to import subscribers and send newsletters among other actions.","popup-builder",null,"\u003C=3.71","3.72","medium",6.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:L","Missing Authorization","2021-01-28 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fec0fff2a-602d-441b-89d1-64d609a4abc0?source=api-prod",1090]