CVE-2023-28661

high-risk

Published 2023-03-22

The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action.

Do I need to act?

-

0.73% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

8

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Wp Popup Banners

Affected Vendors

Accesspressthemes

References (2)

Exploit https://www.tenable.com/security/research/tra-2023-2

Exploit https://www.tenable.com/security/research/tra-2023-2

53

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 2/34 · Minimal

Exposure 21/34 · High