Vulnerabilities

CVE-2021-25082

by Fred · 21/02/2022

The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR

Date published : 2022-02-21

https://plugins.trac.wordpress.org/changeset/2659117

https://wpscan.com/vulnerability/0f90f10c-4b0a-46da-ac1f-aa6a03312132

Similar

Tags: Cybersecurity Alert