This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: SQL Injection (SQLi) in WordPress Plugin 'Popup Builder'. π₯ **Consequences**: Attackers can inject malicious SQL code via the `sgpb-subscription-popup-id` parameter.β¦
π‘οΈ **CWE-89**: Improper Neutralization of Special Elements used in an SQL Command. π **Flaw**: The plugin fails to **clean and escape** the `sgpb-subscription-popup-id` parameter before using it in SQL statements within β¦
π¦ **Product**: Popup Builder β Create highly converting, mobile friendly marketing popups. π **Affected Versions**: All versions **before 4.1.1**. π **Platform**: WordPress sites using this specific plugin.
Q4What can hackers do? (Privileges/Data)
π **Attacker Actions**: 1. **SQL Injection**: Extract, modify, or delete database data. 2. **Privilege Escalation**: The vulnerability can be leveraged to execute attacks against **logged-in administrators**. 3.β¦
β οΈ **Threshold**: Low to Medium. π **Auth**: Requires interaction with the subscriber management dashboard. π **Config**: The vulnerability exists in the parameter handling logic, making it accessible if the plugin is inβ¦
π **Public Exploit**: Yes. π **PoC Available**: Proof of Concept exists in the **Nuclei templates** repository (projectdiscovery/nuclei-templates). π **Status**: Known and documented in security databases like WPScan.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: 1. Scan for **Popup Builder** plugin version < 4.1.1. 2. Use automated scanners (e.g., **Nuclei**) with the CVE-2022-0479 template. 3.β¦
β **Fixed**: Yes. π§ **Patch**: Version **4.1.1** and later resolve the issue. π’ **Source**: Official WordPress plugin changeset (2686454) confirms the fix.
Q9What if no patch? (Workaround)
π§ **Workaround (If No Patch)**: 1. **Disable** the Popup Builder plugin immediately. 2. **Restrict Access**: Limit access to the subscriber management dashboard. 3.β¦
π₯ **Priority**: HIGH. β³ **Urgency**: Immediate action required. π‘ **Reason**: Active exploitation is possible, affects admin privileges, and public PoCs exist. Update to v4.1.1+ ASAP.