CVE-2022-29445 — Use of Incorrectly-Resolved Name or Reference in Popup BOX
Severity
7.2HIGHNVD
CNA6.8
EPSS
1.1%
top 21.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 18
Latest updateMay 19
Description
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9