Vulnerability Description
The Popup Manager WordPress plugin through 1.6.6 does not perform authorisation and CSRF checks when creating or updating popups, and is also missing input sanitisation and output escaping. This could allow unauthenticated attackers to create arbitrary popups and store XSS payloads in them.
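As an added example (not the Popup Manager plugin's own code), a hypothetical WordPress admin-post handler that saves a popup, shown first in the defective pattern the advisory describes and then with the authorisation, nonce, sanitisation and escaping checks it lacked; the function names, option name and capability are assumptions.

```php
<?php
// Added example, not the plugin's code. Hypothetical handler saving a popup.

// Defective pattern as described in the advisory: no capability check, no
// nonce, raw POST data stored and later echoed without escaping.
function pm_example_save_popup_unchecked() {
    $title   = $_POST['title'];
    $content = $_POST['content'];
    update_option( 'pm_example_popup', array( 'title' => $title, 'content' => $content ) );
}

// Hardened form of the same handler.
function pm_example_save_popup() {
    // 1. Authorisation: only users who may manage options can save popups.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // 2. CSRF: require the nonce emitted in the form by
    //    wp_nonce_field( 'pm_example_save_popup', 'pm_example_nonce' ).
    check_admin_referer( 'pm_example_save_popup', 'pm_example_nonce' );
    // 3. Sanitisation on input: plain text for the title, filtered HTML for the body.
    $title   = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    $content = wp_kses_post( wp_unslash( $_POST['content'] ?? '' ) );
    update_option( 'pm_example_popup', array( 'title' => $title, 'content' => $content ) );
    wp_safe_redirect( admin_url( 'admin.php?page=pm_example&saved=1' ) );
    exit;
}
// admin_post_{action} only fires for logged-in users; the admin_post_nopriv_
// variant is deliberately not registered, so anonymous requests never reach it.
add_action( 'admin_post_pm_example_save_popup', 'pm_example_save_popup' );

// 4. Escaping on output: never trust stored values even after sanitisation.
function pm_example_render_popup() {
    $popup = get_option( 'pm_example_popup', array( 'title' => '', 'content' => '' ) );
    echo '<div class="pm-popup"><h2>' . esc_html( $popup['title'] ) . '</h2>';
    echo wp_kses_post( $popup['content'] ) . '</div>';
}
add_action( 'wp_footer', 'pm_example_render_popup' );
```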
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Popup Manager Project | Popup Manager | <= 1.6.6 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/7862084a-2821-4ef1-8d01-c9c8b3f28b05 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-4125?
CVE-2022-4125 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Popup Manager WordPress plugin through 1.6.6 does not perform authorisation and CSRF checks when creating or updating popups, and is also missing sanitisation and escaping, which could allow unauthenti...
How severe is CVE-2022-4125?
CVE-2022-4125 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-4125?
Check the references section above for vendor advisories and patch information. Affected products include: Popup Manager Project Popup Manager.