Security News > 2020 > March > WordPress Plugin Bug in Popup Builder Threatens 100K Websites
2020-03-13 20:53
Two vulnerabilities - including a high-severity flaw - have been patched in a popular WordPress plugin called Popup Builder.
The more severe flaw could enable an unauthenticated attacker to infect malicious JavaScript into a popup - potentially opening up more than 100,000 websites to takeover.
Popup Builder helps users create and manage popups - such as marketing or promotional notices - for their websites.
The more severe vulnerability stems from a stored cross-site scripting flaw in an AJAX hook used by the WordPress plugin.
Earlier this week, a critical vulnerability was found in a WordPress plugin known as "ThemeREX Addons" that could open the door for remote code execution in tens of thousands of websites.