The Popup Builder WordPress plugin before 4.2.6 does not...
High severity
Unreviewed
Published
Feb 12, 2024
to the GitHub Advisory Database
•
Updated Oct 9, 2024
Description
Published by the National Vulnerability Database
Feb 12, 2024
Published to the GitHub Advisory Database
Feb 12, 2024
Last updated
Oct 9, 2024
The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations.
References