CVE-2022-0228: Popup Builder < 4.0.7 - Admin+ SQL Injection

Vendor: Unknown
Product: Popup Builder – Create highly converting, mobile friendly marketing popups.
Weakness: CWE-89 (SQL injection)
Published: February 21, 2022
Last update: August 2, 2024

What the vulnerability does

01 Description

The Popup Builder WordPress plugin before 4.0.7 does not validate or properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high-privilege users to perform SQL injection.

Key dates

02 Disclosure timeline

February 21, 2022: CVE published
August 2, 2024: Record updated