The responsive WordPress pop-up – Subscription & Newsletter (versions 3.71 and below), a pop-up builder plugin for WordPress, had authorization flaws in most of its AJAX methods. The plugin allows users to create and manage powerful promotional modal pop-ups for their WordPress website or blog. 200,000+ active users have installed the plugin, and the latest version, 3.73, is now available. The flaw exposes all of its users to multiple vulnerabilities. Attackers could exploit it to send out newsletters with custom content and sender, perform local file inclusion (limited to the first line), delete newsletter subscribers, import newsletter subscribers, etc. Websites that have Patchstack installed are protected from the issue and have already received a virtual patch.
Critical Flaw in WordPress Plugin Pop-up Builder to Affect Websites
February 10, 2022 | Updated: May 18, 2022