
Home » WordPress News » [WordPress News] Over 700,000 Websites affected due to this Popup maker plugin problem
image credits @ freepik
Popup Maker discovered with a lot of vulnerabilities!
This just in – The U.S. government National Vulnerability Database recently issued a notice explaining a Cross – Site Scripting susceptibility in the famous WordPress Plugin – The Popup Maker
The susceptibility discovered in the Popup Maker – Popup for opt-ins, lead generation and more has till now affected around 700, 000 WordPress websites and counting.
The Popup Maker Plugin integrates with a lot of WordPress & WooCommerce features likes e-mail, newsletter signups and other prominent applications.
Popup Maker Susceptibility
The susceptibility is called kept cross-site scripting (XSS).
The XSS vulnerabilities causes the site publisher to lose control over what is being published when anything is uploaded. Anywhere that an individual can input data can come to be vulnerable there is an absence of control over what can be published.
This particular susceptibility can occur when a hacker can acquire the login credentials of a customer with at least a contributor level access and begin the assault.
Security firm WP Scan (a company by Automattic) released a proof of principle that shows how the exploit works.
Read the U.S. Government National Vulnerability Database advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4381
Popup Maker < 1.16.9 – Contributor+ Stored XSS via Subscription Form – https://wpscan.com/vulnerability/8bf8ebe8-1063-492d-a0f9-2f824408d0df
Click WordPress is a single window support for all your WordPress related requirements. You can find exhaustive content on the following WordPress DIYs, WordPress Troubleshooting, Woocommerce, WordPress Plugins, WordPress Themes