CVE-2023-6294
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
12/02/2024
Last modified:
24/04/2025
Description
The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations.
Impact
Base Score 3.x
7.20
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:wordpress:*:* | 4.2.6 (excluding) |
To consult the complete list of CPE names with products and versions, see this page