CVE-2022-0214

Published: Feb 14, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog

Affected (1)

Products: Custom Popup Builder Project: Custom Popup Builder

Custom Popup Builder Project

1 product

Custom Popup Builder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Custom Popup Builder Project Custom Popup Builder	Before 1.3.1

Related CWEs

CWE-1284

Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

References (2)

https://wpscan.com/vulnerability/ca2e8feb-15d6-4965-ad9c-8da1bc01e0f4

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/ca2e8feb-15d6-4965-ad9c-8da1bc01e0f4

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.