CVE-2022-0214

Exploit

EPSS 1.99%
Veröffentlicht 14.02.2022 12:15:16
Zuletzt bearbeitet 21.11.2024 06:38:09
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Popup | Custom Popup Builder <= 1.3 - Denial of Service

The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog

Mögliche Gegenmaßnahme

Popup | Custom Popup Builder: Update to version 1.3.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Popup | Custom Popup Builder

Version [*, 1.3.1)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Custom Popup Builder Project ≫ Custom Popup Builder SwPlatformwordpress Version < 1.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.99%	0.832

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://wpscan.com/vulnerability/ca2e8feb-15d6-4965-ad9c-8da1bc01e0f4

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/9f73d5b3-8d7c-43d1-84e4-f8a3976eab8f

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-0214

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-0214

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-0214

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-0214