The responsive WordPress pop-up – Subscription & Newsletter (versions 3.71 and below), a pop-up builder from WordPress, had a security breach in the authorization issues in most AJAX methods. The plugin allows users to create and manage powerful promotion modal popups for their WordPress website or blog. 200000+ active users have installed the plugin, and the latest version, 3.73, is now available in the market. The security susceptibility would result in multiple vulnerabilities for all its users. Hackers could exploit it to send out newsletters with custom content and sender, local file inclusion (limited to first-line), delete newsletter subscribers, import newsletter subscribers, etc. Websites which installed Patchstack are protected from the issue and have already received a virtual patch.
Critical Flaw in WordPress Plugin Pop-up Builder to Affect Websites
February 10, 2022 | | Updated: May 18, 2022
Recent Case Studies
March 15, 2023
Highly-customized BigCommerce App for a Leading Fintech Company Offering POS BNPL Services
One thing that separates Virtina from the rest of the eCommerce developers is its ability to work with innovative technologies. We were only happy whe ...Read More
February 20, 2023
Custom Magento 2 Extension to Facilitate Easy and Convenient BNPL Capability
Magento experts must consider several factors when developing an extension for BNPL (Buy Now Pay Later) payment solutions. Many Magento developers ref ...Read More
February 14, 2023
Customized BigCommerce App Development for Implementing Shoppable Videos for an Online Store
Virtina never backs away from a good challenge. One of the challenging projects that we undertook recently was the BigCommerce app development for Fir ...Read More
November 22, 2022
Data Migration from Adobe Cloud Platform to WPML Format for an International Financial Services Company Based in the U.S.
Virtina always gets the best kick out of tackling the most challenging projects typically unimaginable by standard companies. We invariably say yes to ...Read More