CVE-2022-38077

MEDIUM

Popup Anything - A Marketing Popup and Lead Generation Conversions <= 2.2.1 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions.

Scores

CVSS v3 4.3
EPSS 0.0026
EPSS Percentile 16.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (2)
essentialplugin/popup_anything < 2.2.1
WP OnlineSupport, Essential Plugin/Popup Anything – A Marketing Popup and Lead Generation Conversions < 2.2.1
Published Mar 29, 2023
Tracked Since Feb 18, 2026