Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-29495Cross-Site Request Forgery in Popup Builder

CWE-352Cross-Site Request Forgery4 documents4 sources
Severity
4.3MEDIUMNVD
CNA5.4
EPSS
1.5%
top 18.76%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Sygnoos Popup Builder
Timeline
PublishedJul 22
Latest updateJul 23

Description

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDsygnoos/popup_builder< 4.1.12
CVEListV5sygnoos/popup_builder4.1.11

Patches

Patch: patchstack.comPatch: patchstack.com

🔴Vulnerability Details

2
GHSA
GHSA-hh6r-56fp-6x7j: Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 42022-07-23
CVEList
WordPress Popup Builder plugin <= 4.1.11 - Cross-Site Request Forgery (CSRF) leading to plugin settings update2022-07-22

💥Exploits & PoCs

1
Nuclei
WordPress Popup Builder <= 4.1.11 - Cross-Site Request Forgery
CVE-2022-29495 — Cross-Site Request Forgery | cvebase