{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T06:24:43.853","vulnerabilities":[{"cve":{"id":"CVE-2023-6696","sourceIdentifier":"security@wordfence.com","published":"2024-06-15T02:15:50.300","lastModified":"2026-04-08T18:18:40.283","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check, the nonce can be obtained from the profile page of a logged-in user. This allows subscribers to perform several actions including deleting subscribers and perform blind Server-Side Request Forgery."},{"lang":"es","value":"El complemento Popup Builder – Create highly converting, mobile friendly marketing popups para WordPress  es vulnerable al acceso no autorizado a la funcionalidad debido a una falta de verificación de capacidad en varias funciones en todas las versiones hasta la 4.3.1 incluida. Si bien algunas funciones contienen una verificación de nonce, el nonce se puede obtener desde la página de perfil de un usuario que haya iniciado sesión. Esto permite a los suscriptores realizar varias acciones, incluida la eliminación de suscriptores y realizar blind Server-Side Request Forgery."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"4.3.2","matchCriteriaId":"D037081F-B950-44C3-B909-D146ECEFB211"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/popup-builder/tags/4.2.3/com/classes/Ajax.php","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://plugins.trac.wordpress.org/changeset/3096000/popup-builder/trunk/com/classes/Ajax.php","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9f86ec30-7a9d-4c36-8559-bde331c8b958?source=cve","source":"security@wordfence.com","tags":["Patch","Third Party Advisory"]},{"url":"https://plugins.trac.wordpress.org/browser/popup-builder/tags/4.2.3/com/classes/Ajax.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://plugins.trac.wordpress.org/changeset/3096000/popup-builder/trunk/com/classes/Ajax.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9f86ec30-7a9d-4c36-8559-bde331c8b958?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}