Unauthenticated Deletion Vulnerability in Popup Manager WordPress Plugin

Unauthenticated Deletion Vulnerability in Popup Manager WordPress Plugin

CVE-2022-4124 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them

Learn more about our Wordpress Pen Testing.