Unauthenticated Deletion Vulnerability in Popup Manager WordPress Plugin
CVE-2022-4124 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them
Learn more about our Wordpress Pen Testing.