Description
WordPress Plugin Ninja Popups is prone to multiple vulnerabilities, including PHP object injection and local file inclusion vulnerabilities. Exploiting these issues could allow an attacker to possibly execute arbitrary PHP code within the context of the affected webserver process, or to obtain sensitive information that may help in further attacks. WordPress Plugin Ninja Popups version 4.5.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.5.4 or latest
References
Related Vulnerabilities
Envoy Proxy Improper Certificate Validation Vulnerability (CVE-2022-21657)
WordPress Plugin Movies Cross-Site Scripting (0.6)
MediaWiki CVE-2019-12474 Vulnerability (CVE-2019-12474)
WordPress Plugin SocialGrid 'default_services' Parameter Cross-Site Scripting (2.3)
WordPress Plugin Social Media Widget by Acurax Multiple Unspecified Vulnerabilities (3.2.3)