Unauthenticated Data Autoload Vulnerability in Custom Popup Builder WordPress Plugin

Unauthenticated Data Autoload Vulnerability in Custom Popup Builder WordPress Plugin

CVE-2022-0214 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog

Learn more about our Wordpress Pen Testing.