The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to the plugin generating predictable unsubscribe tokens using deterministic data. This makes it possible for unauthenticated attackers to unsubscribe arbitrary subscribers from mailing lists via brute-forcing the unsubscribe token, granted they know the victims email address
Weakness
The device uses an algorithm that is predictable and generates a pseudo-random number.
Extended Description
Pseudo-random number generator algorithms are predictable because their registers have a finite number of possible states, which eventually lead to repeating patterns. As a result, pseudo-random number generators (PRNGs) can compromise their randomness or expose their internal state to various attacks, such as reverse engineering or tampering.
Potential Mitigations
Related Attack Patterns
References
- https://plugins.trac.wordpress.org/browser/popup-builder/tags/4.4.2/com/classes/Actions.php#L842
- https://plugins.trac.wordpress.org/browser/popup-builder/tags/4.4.2/com/helpers/AdminHelper.php#L896
- https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3444540%40popup-builder\u0026new=3444540%40popup-builder\u0026sfp_email=\u0026sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/62b29721-0580-4e1d-824d-9b8355890248?source=cve