High severity8.8NVD Advisory· Published Feb 21, 2022· Updated Jun 17, 2026
CVE-2021-25082
CVE-2021-25082
Description
The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <4.0.7
Patches
Vulnerability mechanics
References
2- wpscan.com/vulnerability/0f90f10c-4b0a-46da-ac1f-aa6a03312132nvdExploitThird Party Advisory
- plugins.trac.wordpress.org/changeset/2659117nvdRelease NotesThird Party Advisory
News mentions
0No linked articles in our index yet.