The responsive WordPress pop-up – Subscription & Newsletter (versions 3.71 and below), a pop-up builder from WordPress, had a security breach in the authorization issues in most AJAX methods. The plugin allows users to create and manage powerful promotion modal popups for their WordPress website or blog. 200000+ active users have installed the plugin, and the latest version, 3.73, is now available in the market. The security susceptibility would result in multiple vulnerabilities for all its users. Hackers could exploit it to send out newsletters with custom content and sender, local file inclusion (limited to first-line), delete newsletter subscribers, import newsletter subscribers, etc. Websites which installed Patchstack are protected from the issue and have already received a virtual patch.
Critical Flaw in WordPress Plugin Pop-up Builder to Affect Websites
Related Platforms
Our Locations
Recent Case Studies
-
August 11, 2023Combining Content and Commerce Capabilities of Magento and WordPress for an Energy Service Provider
Everyone in the eCommerce circle has heard the slogan "content is king" at least once. Of course, even a king has his limitations without his army. In ...
Read More -
July 13, 2023
Query Time Optimization With Custom Coding for a Boat Kit Company on WooCommerce
Virtina helps eCommerce store owners get the most out of their online business. It is what we do best. So, it is no wonder we were the first choice fo ...
Read More -
June 30, 2023
Custom Amazon Buy With Prime Integration for a Footwear Store on Volusion
Volusion is one of the most robust eCommerce platforms for running an online business. It can support just about any eCommerce capability you want. Ho ...
Read More -
June 06, 2023Customization of WooCommerce Plugin and Marketplace Release for a Non-profit Fintech Solution Provider
Creating a custom plugin for WooCommerce stores is often more complex than you think. Many organizations need to understand the complexities of the pr ...
Read More
