7.5
CVE-2022-0214
- EPSS 1.57%
- Veröffentlicht 14.02.2022 12:15:16
- Zuletzt bearbeitet 21.11.2024 06:38:09
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginPopup | Custom Popup Builder < 1.3.1 - Unauthenticated Denial of Service
Popup | Custom Popup Builder <= 1.3 - Denial of Service
The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog
Mögliche Gegenmaßnahme
Popup | Custom Popup Builder: Update to version 1.3.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Custom Popup Builder Project ≫ Custom Popup Builder SwPlatformwordpress Version < 1.3.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Popup | Custom Popup Builder
Version
[*, 1.3.1)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.57% | 0.721 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-1284 Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
https://wpscan.com/vulnerability/ca2e8feb-15d6-4965-ad9c-8da1bc01e0f4
https://www.wordfence.com/threat-intel/vulnerabilities/id/9f73d5b3-8d7c-43d1-84e4-f8a3976eab8f