Flawed WordPress popup plugin allows attackers to inject malicious code

Vulnerabilities have been discovered in a popular WordPress plugin called Popup Builder which could allow unauthenticated attackers to inject malicious JavaScript code into popups in order to steal information and even potentially take full control over targeted sites.

The plugin gives site owners the ability to create, deploy and manage customizable popups using a range of different content from HTML and JavaScript code to images and videos. Sygnoos, the developer of Popup Builder, says that businesses can utilize it to increase their sales and revenue through its smart popups that can be used to display ads, subscription requests, discounts and other promotional content.

Source Article