CVE-2020-10196

Popup Builder <= 3.63 - Unauthenticated Stored Cross-Site Scripting

highImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

8.3

CVSS Score

8.3

CVSS Score

high

Severity

3.64.1

Patched in

1412d

Time to patch

Description

An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several of the popup's fields by sending a request to wp-admin/admin-ajax.php with the POST action parameter of sgpb_autosave and including additional data in an allPopupData parameter, including the popup's ID (which is visible in the source of the page in which the popup is inserted) and arbitrary JavaScript which will then be executed in the browsers of visitors to that page. Because the plugin functionality automatically adds script tags to data entered into these fields, this injection will typically bypass most WAF applications.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Low

Confidentiality

Low

Integrity

Low

Availability

Technical Details

Affected versions<=3.63

PublishedMarch 12, 2020

Last updatedJanuary 22, 2024

Affected pluginpopup-builder

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/0d8a8aa7-8344-4ca7-8194-9bc679d18661?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database