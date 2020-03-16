100K Sites Affected By Vulnerabilities Patched In Popup Builder Plugin – Expert Insight

On March 4, researchers discovered several vulnerabilities in Popup Builder, a WordPress plugin installed on over 100,000 sites, including one that allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded.

The other vulnerability allowed any logged-in user, even one with minimal permissions such as a subscriber, to export a list of all newsletter subscribers, export system configuration information, and grant themselves access to various features of the plugin.

EXPERTS COMMENTS
Ameet Naik, Security Evangelist, PerimeterX
March 16, 2020
With data privacy regulations like CCPA and GDPR raising the stakes, businesses must exercise extreme caution.
The client-side is the new battleground and JavaScript is the attack surface. Over 70% of the scripts on a typical website are third-party. Platforms like WordPress greatly simplify the process of building a website, and have over 50,000 third-party plugins available for many commonly used functions. However, these can also be exploited by hackers to inject malicious JavaScript into thousands of ....
