CVE-2022-0214

HIGH

Custom Popup Builder < 1.3.1 - Unauthenticated Denial of Service via Unvalidated Input Length

Title source: llm
STIX 2.1

Description

The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/ca2e8feb-15d6-4965-ad9c-8da1bc01e0f4

Scores

CVSS v3 7.5
EPSS 0.0157
EPSS Percentile 72.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-1284
Status published
Products (1)
custom_popup_builder_project/custom_popup_builder < 1.3.1
Published Feb 14, 2022
Tracked Since Feb 18, 2026