CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress.

**popup-box**

**Software**

**Popup Box**

**Vulnerable Versions**

**<= 2.1.2**

**Fixed in version**

**2.2**

**CVE**

**CVE-2022-29445**

**References**

**Credits**

**Classification**

**Local File Inclusion**

**OWASP Top 10**

**A1: Injection**

**Disclosure Date**

**2022-05-16**

**CVSS 3.0 score**

**Requires high role user authentication like admin.**

**Are your websites subject to this vulnerability?**

**Details**

**Authenticated Local File Inclusion (LFI) vulnerability discovered by 0xB9 (Patchstack Alliance) in WordPress Popup Box plugin (versions <= 2.1.2).**

**Solution**

**Update the WordPress Popup Box plugin to the latest available version (at least 2.2).**

**Found a vulnerability that puts your sites at risk?**

**Found a vulnerability? Help us secure the web and join our community of ethical hackers.**

**Are you the developer of this software? Hire our researchers for a thorough security audit.**

Headline

CVE-2022-29445: WordPress Popup Box plugin <= 2.1.2 - Authenticated Local File Inclusion (LFI) vulnerability - Patchstack

CVE: Latest News