Back to CVE Browser

CVE-2020-9006

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0110%

EPSS Percentile15.46th

PublishedFeb 17, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator account, leading to possible Remote Code Execution because Administrators can run PHP code on Wordpress instances. (This issue has been fixed in the 3.x branch of popup-builder.)

Affected Platforms (CPE)

📦

Sygnoos

Popup Builder

>= 2.2.8 and <= 2.6.7.6

References & Advisories

🔗 https://plugins.trac.wordpress.org/browser/popup-builder/tags/2.2.8/files/sg_popup_ajax.php#L69

🔗 https://wordpress.org/plugins/popup-builder/#developers

🔗 https://wpvulndb.com/vulnerabilities/10073

🔗 https://zeroauth.ltd/blog/2020/02/16/cve-2020-9006-popup-builder-wp-plugin-sql-injection-via-php-deserialization/

🔗 https://plugins.trac.wordpress.org/browser/popup-builder/tags/2.2.8/files/sg_popup_ajax.php#L69

🔗 https://wordpress.org/plugins/popup-builder/#developers

🔗 https://wpvulndb.com/vulnerabilities/10073

🔗 https://zeroauth.ltd/blog/2020/02/16/cve-2020-9006-popup-builder-wp-plugin-sql-injection-via-php-deserialization/

Related Vulnerabilities

CVE-2019-146959.8

A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of thi...

CVE-2021-250828.8

The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a requir...

CVE-2020-101956.3

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope ...

CVE-2020-101966.1

An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScrip...