CVE-2022-32289Cross-Site Request Forgery in Popup Builder

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
4.3MEDIUMNVD
CNA5.4
EPSS
0.1%
top 71.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sygnoos Popup Builder
Timeline
PublishedJul 21
Latest updateJul 22

Description

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5sygnoos/popup_builder4.1.0

Patches

Patch: patchstack.comPatch: patchstack.com

🔴Vulnerability Details

2
GHSA
GHSA-c49p-rhwp-gjx6: Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 42022-07-22
CVEList
WordPress Popup Builder plugin <= 4.1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Popup Status Change2022-07-21
CVE-2022-32289 — Cross-Site Request Forgery | cvebase