WordPress Popup Box plugin <= 2.1.2 - Authenticated Local File Inclusion (LFI) vulnerability
Vulnerable versions: <= 2.1.2
PSID: 6f5b3d53f2d5
Classification: Local File Inclusion
OWASP Top 10: A1: Injection
Required privilege: Requires authentication as a high-privilege user, such as an administrator.
Publicly disclosed: 2022-05-16
Patchstack vPatch available since: 09.12.2021
Details
An authenticated Local File Inclusion (LFI) vulnerability was discovered by 0xB9 (Patchstack Alliance) in the WordPress Popup Box plugin (versions <= 2.1.2).
Solution
Update the WordPress Popup Box plugin to the latest available version (at least 2.2).
References
CVE-2022-29445
Plugin changelog