CVE-2024-2008 in Modal Popup Box Plugin
Summary
by MITRE • 04/04/2024
The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awl_modal_popup_box_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 04/14/2026
The vulnerability identified as CVE-2024-2008 affects the Modal Popup Box – Popup Builder plugin for WordPress, specifically targeting versions up to and including 1.5.2. This represents a critical security flaw that exploits PHP Object Injection techniques through improper input validation within the awl_modal_popup_box_shortcode function. The vulnerability exists due to the plugin's failure to adequately sanitize user-supplied data before processing it through PHP's unserialize() function, creating a pathway for malicious object manipulation.
The technical exploitation of this vulnerability requires an attacker to possess at least contributor-level privileges within the WordPress environment, which significantly reduces the barrier to entry for potential exploitation. The flaw manifests when untrusted input reaches the awl_modal_popup_box_shortcode function where PHP object deserialization occurs without proper validation. This creates a dangerous scenario where attackers can craft malicious serialized objects that, when processed, execute arbitrary code on the target system. The vulnerability is classified under CWE-502 as it involves deserialization of untrusted data, making it particularly dangerous due to its potential for remote code execution.
The operational impact of this vulnerability extends beyond simple privilege escalation, as it enables attackers to perform various malicious activities including arbitrary file deletion, data exfiltration, and code execution. The severity is amplified by the fact that attackers can leverage existing plugin or theme components to construct a complete exploitation chain, potentially bypassing additional security measures that might otherwise protect the system. This makes the vulnerability particularly concerning in environments where multiple plugins or themes are installed, as the attack surface expands significantly with each additional component that could provide a POP (PHP Object Pollution) chain.
Mitigation strategies should focus on immediate plugin updates to the latest secure versions, as well as implementing robust input validation and sanitization practices. Organizations should also consider implementing network-level protections such as web application firewalls and monitoring for suspicious serialized data patterns. The vulnerability demonstrates the critical importance of proper data validation in PHP applications and aligns with ATT&CK technique T1548.005 related to abuse of credentials and privilege escalation. Regular security audits and vulnerability assessments should be conducted to identify similar flaws in other plugins and themes, as this type of vulnerability represents a common vector for advanced persistent threats in WordPress environments.