Typically, attackers use such vulnerabilities to redirect visitors to sites with malicious advertising or steal confidential information from browsers, but the vulnerability can also be used to hijack a site if a logged in administrator has visited or previewed a page containing an infected pop-up,” write the experts.
Another unpleasant error in the plug-in (CVE-2020-10195) allowed any user, who logged on (with the rights of a simple subscriber) to access the plug-in functions, export mailing list subscribers, and also export system configuration information using a regular POST request to admin-post.php.
Defiant experts privately reported about these problems to the author of the plugin, which responded within a few hours. They worked together for a week to ensure that the vulnerabilities were fully fixed.
These flaws have been patched in version 3.64.1 and we recommend that users update to the latest version available immediately. While we have not detected any malicious activity targeting Popup Builder, the stored XSS vulnerability can have a serious impact on site visitors and potentially even allow site takeover. Sites running Wordfence Premium have been protected from attacks against these vulnerabilities since March 5, 2020. Sites running the free version of Wordfence will receive the same firewall rule update on April 4, 2020.”, — write Defiant specialists
Researchers note that so far only about 33,000 users have updated the plug-in, that is, over 66,000 sites with outdated versions of the plug-in are still vulnerable.
User Review( votes)