CVE-2023-6696

{"id": "CVE-2023-6696", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-06-15T02:15:50.300", "references": [{"url": "https://plugins.trac.wordpress.org/browser/popup-builder/tags/4.2.3/com/classes/Ajax.php", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3096000/popup-builder/trunk/com/classes/Ajax.php", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f86ec30-7a9d-4c36-8559-bde331c8b958?source=cve", "tags": ["Patch", "Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Popup Builder \u2013 Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check, the nonce can be obtained from the profile page of a logged-in user. This allows subscribers to perform several actions including deleting subscribers and perform blind Server-Side Request Forgery."}, {"lang": "es", "value": "El complemento Popup Builder \u2013 Create highly converting, mobile friendly marketing popups para WordPress es vulnerable al acceso no autorizado a la funcionalidad debido a una falta de verificaci\u00f3n de capacidad en varias funciones en todas las versiones hasta la 4.3.1 incluida. Si bien algunas funciones contienen una verificaci\u00f3n de nonce, el nonce se puede obtener desde la p\u00e1gina de perfil de un usuario que haya iniciado sesi\u00f3n. Esto permite a los suscriptores realizar varias acciones, incluida la eliminaci\u00f3n de suscriptores y realizar blind Server-Side Request Forgery."}], "lastModified": "2024-08-06T14:05:42.023", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D037081F-B950-44C3-B909-D146ECEFB211", "versionEndExcluding": "4.3.2"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}