← Back

CVE-2022-4124

nvd nist
Published: Dec 19, 2022Modified: Jun 17, 2026

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them

Affected (1)

Popup Manager
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Up to 1.6.6

References (2)

Source: contact@wpscan.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.