CVE-2022-29495
Published 2022-07-22
CVE-2022-29495: Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings.
Priority: P4 (24), medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.43% (34.4th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sygnoos | popup_builder | < 4.1.12 | 4.1.12 |
| sygnoos | popup_builder | <= 4.1.11 | — |
No detection rules found.
Nuclei
CVE-2022-29495 [MEDIUM] WordPress Popup Builder <= 4.1.11 - Cross-Site Request Forgery (CVSS 4.3)
The Sygnoos Popup Builder plugin <= 4.1.11 for WordPress contains a cross-site request forgery flaw caused by a lack of CSRF protection in the plugin settings update, letting attackers change settings without authorization. Exploitation requires the victim to visit a malicious site or click a malicious link.
Template:
```yaml
id: CVE-2022-29495
info:
  name: WordPress Popup Builder <= 4.1.11 - Cross-Site Request Forgery
  author: Shivam Kamboj
  severity: medium
  description: |
    Sygnoos Popup Builder plugin <= 4.1.11 for WordPress contains a cross-site request forgery caused by lack of CSRF protection in plugin settings update, letting attackers change settings without authorization, exploit requires victim to visit malicious site or click malicious link.
  impact: |
    A
```
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/popup-builder/wordpress-popup-builder-plugin-4-1-11-cross-site-request-forgery-csrf-leading-to-plugin-settings-update
https://wordpress.org/plugins/popup-builder/#developers
Published: 2022-07-22