fkie_cve-2023-28661
Vulnerability from fkie_nvd
Published
2023-03-22 21:15
Modified
2024-11-21 07:55
Severity ?
Summary
The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2023-2 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2023-2 | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.0.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "C2E73D7B-A9CF-4EFF-AD79-2DCAB5E56F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.0.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "54616CED-212F-438A-9544-A661332145EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.0.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "C8008A9F-A5A4-4ED0-A417-A800B2BA4D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.0.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "1183F60A-A89E-4D62-AE43-B1BC9540BFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.0.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "C503AC15-FB86-444C-BDBA-B116591AB2F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.0.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "2D7C80AC-6113-4B89-8D1E-41D279AED395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.0.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "20F6607F-6FA1-4DA8-AC72-1E2C39C74937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.0.8:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "82D1F362-ED99-42CA-BB60-05B9ABDC45D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.0.9:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "570507CF-BB82-4CF0-B806-B0D47057712C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.1.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "058497B8-3EB3-4497-B111-D0198586685D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.1.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EC0B6FF6-BC14-4AAD-A74B-622533474A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.1.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "8BA5B5D8-5299-457C-B5DC-1695B2E0BF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.1.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "BDBF6345-3357-45DA-B287-730BAC5ACC31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.1.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "D0D3C39B-318B-4203-A504-76C1C3E8DE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.1.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "7379A1E5-35B2-40A1-A4D7-6D83BF677034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.1.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EADC08AC-0855-43AE-8439-6E771AEAF005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.1.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "AA0FCAA7-147C-4EF5-81CD-8106D36E3131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.1.8:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4C34B202-F992-44EF-A60F-D0CCBC35676F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.1.9:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "80D538C8-F645-42C4-AF1F-9B398A0E1E6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.2.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A9C4AA1B-F14B-4C5E-ACCB-D29B09EBF12D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.2.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F670474C-3930-433B-82BA-30CC9D747CF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.2.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "53A8783A-B911-4112-A641-527DB935634E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.2.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "1CF6B83D-6527-4F58-96F7-DA6A9798B47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.2.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "59981B00-F3AB-4145-8FA6-DB1E69D69441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:accesspressthemes:wp_popup_banners:1.2.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "6E62537A-2AE8-4A02-BD8A-D303257BE51A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Popup Banners WordPress Plugin, version \u003c= 1.2.5, is affected by an authenticated SQL injection vulnerability in the \u0027value\u0027 parameter in the get_popup_data action."
}
],
"id": "CVE-2023-28661",
"lastModified": "2024-11-21T07:55:45.650",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-22T21:15:18.827",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2023-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2023-2"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…