0x9567b/CVE-2024-0844

CVE-2024-0844 - Popup More <= 2.2.4 - Authenticated (Admin+) Directory Traversal to Limited Local File Inclusion

Popup-more < 2.2.0 CVE-2024-0844

Path traversal in the popup-more WordPress plugin.

Description

Vulnerable file location : /popup-more/classes/Ajax.php
Link : https://wordpress.org/plugins/popup-more/#description
Version : - < 2.2.0
Parameter: formKey
Status: patched

https://github.com/advisories/GHSA-wxfh-8hrr-vfjw

Code snippet:

require_once YPM_POPUP_CLASSES.'form/'.esc_attr($key).'Form.php';

Proof of concept: