cvedb.io
CVE-2022-2405
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2022-09-26T13:15:10.447 · Last modified 2026-06-17T04:41:50.143

Summary

The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup

Affected products

themehunk — wp_popup_builder

Does this affect you?

Add your gear to cvedb and we'll alert you only when themehunk ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.