ThreatPress

WordPress Vulnerability Database

Back

WordPress Popup Builder plugin <= 3.71 - Authenticated Deleting/Importing Subscribers vulnerability

Product
Popup Builder
Description
Authenticated Deleting/Importing Subscribers vulnerability found by Dave Jong (WebARX Security) in WordPress Popup Builder plugin (versions <= 3.71).
Solution
Update the WordPress Popup Builder plugin to the latest available version (at least 3.72).
Classification
Type Multiple Vulnerabilities
OWASP Top 10 A7: Missing Function Level Access Control
References
Plugin changelog
Vulnerability details
CVE
Name CVE-N/A
Versions
Affected In <= 3.71
Fixed In 3.72
Disclosure date
2021-01-28
Credits
Dave Jong (WebARX Security)