
WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites
2021-01-29 21:56

Developers of a plugin, used by WordPress websites for building pop-up ads for newsletter subscriptions, have issued a patch for a serious flaw.

The plugin has been installed on 200,000 WordPress websites.

The issue stems from a lack of authorization for AJAX methods in the plugin.

AJAX is a set of web-development techniques that are used to create web applications; the AJAX method is used to perform an AJAX request.

Without authorization, attackers could utilize this method to import a list of subscribers from a remote URL, which is then handled in the method saveImportedSubscribers.
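The missing check described above, shown as a hardened WordPress AJAX handler. This is an added example, not the plugin's own code: the action name, nonce name, POST field and function name are hypothetical, and the capability required (`manage_options`) is an assumption.

```php
<?php
// Hypothetical plugin code: the action, nonce, field and function names are
// assumptions made for this example, not the real plugin's identifiers.

// wp_ajax_{action} fires for ANY logged-in user, including subscribers, so
// registering the hook does not by itself restrict who may call the handler.
add_action( 'wp_ajax_example_import_subscribers', 'example_import_subscribers' );

function example_import_subscribers() {
    // 1. CSRF protection. A nonce shows the request came from a page the
    //    site rendered; it is not an authorization check on its own.
    check_ajax_referer( 'example_import_nonce', 'nonce' );

    // 2. Authorization: the check an unprotected AJAX method lacks.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Validate the caller-supplied URL before the server fetches it.
    $raw = isset( $_POST['import_url'] ) ? wp_unslash( $_POST['import_url'] ) : '';
    $url = wp_http_validate_url( esc_url_raw( $raw ) );
    if ( ! $url ) {
        wp_send_json_error( array( 'message' => 'Invalid import URL' ), 400 );
    }

    // wp_safe_remote_get() enables reject_unsafe_urls; the size limit keeps
    // a remote host from feeding the site an unbounded response.
    $response = wp_safe_remote_get(
        $url,
        array( 'timeout' => 10, 'limit_response_size' => 1048576 )
    );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        wp_send_json_error( array( 'message' => 'Could not fetch subscriber list' ), 502 );
    }

    // 4. Treat the body as untrusted: keep only syntactically valid addresses.
    $emails = array();
    foreach ( preg_split( '/\R/', wp_remote_retrieve_body( $response ) ) as $line ) {
        $email = sanitize_email( trim( $line ) );
        if ( is_email( $email ) ) {
            $emails[] = $email;
        }
    }

    // Storage is plugin-specific; this example only reports the valid count.
    wp_send_json_success( array( 'imported' => count( $emails ) ) );
}
```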

Earlier in January, researchers warned of two vulnerabilities in a WordPress plugin called Orbit Fox that could allow attackers to inject malicious code into vulnerable websites and/or take control of a website.


News URL

https://threatpost.com/wordpress-pop-up-builder-plugin-flaw-plagues-200k-sites/163500/

Related vendor

VENDOR     #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS  (LAST 12M)
Wordpress  7           2    95      44    18        159
Plugin     2           0    13      1     0         14