CVE-2024-47358

5.3 MEDIUM

📋 TL;DR

This CVE describes a missing authorization vulnerability in the Popup Maker WordPress plugin that allows attackers to access functionality not properly constrained by access control lists. Attackers can exploit this to perform actions they shouldn't have permission for. This affects all WordPress sites using Popup Maker plugin versions up to 1.19.2.

💻 Affected Systems

Products:
  • Popup Maker WordPress Plugin
Versions: n/a through 1.19.2
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations using vulnerable versions of Popup Maker are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could modify popup settings, create malicious popups, or potentially escalate privileges to gain administrative access to the WordPress site.

🟠 Likely Case

Unauthorized users can modify popup configurations, inject malicious content into popups, or disrupt site functionality by changing popup behavior.

🟢 If Mitigated

With proper access controls, only authorized administrators can modify popup settings, preventing unauthorized changes.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of access to the WordPress site, but detailed exploit techniques are not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.19.3 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/popup-maker/wordpress-popup-maker-plugin-1-19-2-broken-access-control-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Popup Maker and click 'Update Now'.
4. Alternatively, download version 1.19.3+ from WordPress.org and manually update.

🔧 Temporary Workarounds

Temporary Plugin Deactivation (all)

Disable the Popup Maker plugin until patching is possible

Access Restriction (all)

Implement IP-based restrictions to WordPress admin area

🧯 If You Can't Patch

  • Implement web application firewall rules to block suspicious requests to popup maker endpoints
  • Enable detailed logging and monitoring for unauthorized access attempts to plugin functionality

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for Popup Maker version

Check Version:

wp plugin list --name=popup-maker --field=version

Verify Fix Applied:

Verify Popup Maker version is 1.19.3 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized POST requests to /wp-admin/admin-ajax.php with popup_maker actions
  • Unexpected modifications to popup settings

Network Indicators:

  • Unusual traffic patterns to popup maker admin endpoints from unauthorized IPs

SIEM Query:

source="wordpress.log" AND ("popup_maker" OR "admin-ajax.php") AND status=200 AND user_role!=administrator
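The SIEM query above expresses the detection idea in pseudo-syntax; the following is an added example (not part of this advisory, and not Popup Maker's own code) that applies the same logic to log lines in Python. It assumes a log format with the requesting user's role appended (a standard web server access log does not carry that field, so in practice it would come from an activity-logging plugin or a join against WordPress session data); the log lines are constructed, and the action name `popup_maker_example_action` is a placeholder rather than a real Popup Maker AJAX action. Successful (HTTP 200) non-administrator calls are separated from blocked ones so that triage can focus on requests that actually went through.

```python
import re

# Constructed sample log lines, not captured from a real site. The format
# (timestamp, method, path+query, status, role=, user=) is an assumption about
# what a WordPress activity-logging plugin might emit; the action name
# "popup_maker_example_action" is a placeholder, not a real Popup Maker action.
SAMPLE_LOG = """\
2024-10-01T10:00:01Z POST /wp-admin/admin-ajax.php?action=popup_maker_example_action 200 role=administrator user=alice
2024-10-01T10:00:05Z POST /wp-admin/admin-ajax.php?action=popup_maker_example_action 200 role=subscriber user=mallory
2024-10-01T10:00:09Z GET /wp-admin/admin-ajax.php?action=heartbeat 200 role=subscriber user=bob
2024-10-01T10:00:12Z POST /wp-admin/admin-ajax.php?action=popup_maker_example_action 403 role=subscriber user=mallory
2024-10-01T10:00:20Z POST /wp-admin/admin-ajax.php?action=popup_maker_example_action 200 role=editor user=carol
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<method>[A-Z]+) (?P<path>[^?\s]+)(?:\?(?P<query>\S*))? "
    r"(?P<status>\d{3}) role=(?P<role>\S+) user=(?P<user>\S+)$"
)

ADMIN_AJAX = "/wp-admin/admin-ajax.php"
PRIVILEGED_ROLES = {"administrator"}  # roles expected to change plugin settings


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    # Split the query string into key/value pairs so the AJAX action is addressable.
    params = dict(
        pair.split("=", 1) if "=" in pair else (pair, "")
        for pair in (fields["query"] or "").split("&") if pair
    )
    fields["action"] = params.get("action", "")
    fields["status"] = int(fields["status"])
    return fields


def classify(entry):
    """Map a parsed entry to 'succeeded', 'blocked' or None (not of interest).

    Mirrors the SIEM query: POST to admin-ajax.php, a popup_maker action,
    and a requester whose role is not administrator.
    """
    if entry["method"] != "POST" or entry["path"] != ADMIN_AJAX:
        return None
    if "popup_maker" not in entry["action"]:
        return None
    if entry["role"] in PRIVILEGED_ROLES:
        return None
    return "succeeded" if entry["status"] == 200 else "blocked"


def find_suspicious(log_text):
    """Return non-administrator Popup Maker AJAX POSTs grouped by outcome."""
    findings = {"succeeded": [], "blocked": []}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # lines in another format are skipped, not flagged
        outcome = classify(entry)
        if outcome:
            findings[outcome].append(
                (entry["ts"], entry["user"], entry["role"], entry["action"])
            )
    return findings


if __name__ == "__main__":
    result = find_suspicious(SAMPLE_LOG)
    for outcome, hits in result.items():
        for ts, user, role, action in hits:
            print(f"{outcome:9s} {ts} user={user} role={role} action={action}")
```

On the constructed input this reports two succeeded calls (the subscriber and the editor) and one blocked attempt; the administrator's call and the unrelated heartbeat request are ignored. Because the vulnerability is a missing authorization check rather than an unauthenticated one, the role field is the part that matters: the same query without it would flag every legitimate administrator action as well.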

🔗 References
