CVE-2022-0228

Summary

The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection

Affected Software

VendorProductVersion RangeStatus
UnknownPopup Builder – Create highly converting, mobile friendly marketing popups.4.0.7 < 4.0.7affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References