CVE-2023-6696 - Vulnerability Details - OpenCVE

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check, the nonce can be obtained from the profile page of a logged-in user. This allows subscribers to perform several actions including deleting subscribers and perform blind Server-Side Request Forgery.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sygnoos	Popup Builder

Configuration 1 [-]

cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/popup-builder/tags/4.2.3/com/classes/Ajax.php
https://plugins.trac.wordpress.org/changeset/3096000/popup-builder/trunk/com/classes/Ajax.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/9f86ec30-7a9d-4c36-8559-bde331c8b958?source=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-06-15T02:02:00.502Z

Updated: 2024-08-02T08:35:14.844Z

Reserved: 2023-12-11T18:28:25.914Z

Link: CVE-2023-6696

Vulnrichment

Updated: 2024-08-02T08:35:14.844Z

NVD

Status : Modified

Published: 2024-06-15T02:15:50.300

Modified: 2024-11-21T08:44:22.863

Link: CVE-2023-6696

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6696", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-12-11T18:28:25.914Z", "datePublished": "2024-06-15T02:02:00.502Z", "dateUpdated": "2024-08-02T08:35:14.844Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-15T02:02:00.502Z"}, "affected": [{"vendor": "popupbuilder", "product": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "4.3.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Popup Builder \u2013 Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check, the nonce can be obtained from the profile page of a logged-in user. This allows subscribers to perform several actions including deleting subscribers and perform blind Server-Side Request Forgery."}], "title": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce Exposure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f86ec30-7a9d-4c36-8559-bde331c8b958?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/popup-builder/tags/4.2.3/com/classes/Ajax.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3096000/popup-builder/trunk/com/classes/Ajax.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "timeline": [{"time": "2024-06-14T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T13:59:51.368858Z", "id": "CVE-2023-6696", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T13:59:57.391Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.844Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f86ec30-7a9d-4c36-8559-bde331c8b958?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/popup-builder/tags/4.2.3/com/classes/Ajax.php", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3096000/popup-builder/trunk/com/classes/Ajax.php", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f86ec30-7a9d-4c36-8559-bde331c8b958?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/popup-builder/tags/4.2.3/com/classes/Ajax.php", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3096000/popup-builder/trunk/com/classes/Ajax.php", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.844Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6696", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T13:59:51.368858Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T13:59:55.098Z"}}], "cna": {"title": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce Exposure", "credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}}], "affected": [{"vendor": "popupbuilder", "product": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "4.3.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-06-14T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f86ec30-7a9d-4c36-8559-bde331c8b958?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/popup-builder/tags/4.2.3/com/classes/Ajax.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3096000/popup-builder/trunk/com/classes/Ajax.php"}], "descriptions": [{"lang": "en", "value": "The Popup Builder \u2013 Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check, the nonce can be obtained from the profile page of a logged-in user. This allows subscribers to perform several actions including deleting subscribers and perform blind Server-Side Request Forgery."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-15T02:02:00.502Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6696", "state": "PUBLISHED", "dateUpdated": "2024-08-02T08:35:14.844Z", "dateReserved": "2023-12-11T18:28:25.914Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-06-15T02:02:00.502Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D037081F-B950-44C3-B909-D146ECEFB211", "versionEndExcluding": "4.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Popup Builder \u2013 Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check, the nonce can be obtained from the profile page of a logged-in user. This allows subscribers to perform several actions including deleting subscribers and perform blind Server-Side Request Forgery."}, {"lang": "es", "value": "El complemento Popup Builder \u2013 Create highly converting, mobile friendly marketing popups para WordPress es vulnerable al acceso no autorizado a la funcionalidad debido a una falta de verificaci\u00f3n de capacidad en varias funciones en todas las versiones hasta la 4.3.1 incluida. Si bien algunas funciones contienen una verificaci\u00f3n de nonce, el nonce se puede obtener desde la p\u00e1gina de perfil de un usuario que haya iniciado sesi\u00f3n. Esto permite a los suscriptores realizar varias acciones, incluida la eliminaci\u00f3n de suscriptores y realizar blind Server-Side Request Forgery."}], "id": "CVE-2023-6696", "lastModified": "2024-11-21T08:44:22.863", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-15T02:15:50.300", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/browser/popup-builder/tags/4.2.3/com/classes/Ajax.php"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3096000/popup-builder/trunk/com/classes/Ajax.php"}, {"source": "security@wordfence.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f86ec30-7a9d-4c36-8559-bde331c8b958?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/browser/popup-builder/tags/4.2.3/com/classes/Ajax.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3096000/popup-builder/trunk/com/classes/Ajax.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f86ec30-7a9d-4c36-8559-bde331c8b958?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}