The responsive WordPress pop-up – Subscription & Newsletter (versions 3.71 and below), a pop-up builder from WordPress, had a security breach in the authorization issues in most AJAX methods. The plugin allows users to create and manage powerful promotion modal popups for their WordPress website or blog. 200000+ active users have installed the plugin, and the latest version, 3.73, is now available in the market. The security susceptibility would result in multiple vulnerabilities for all its users. Hackers could exploit it to send out newsletters with custom content and sender, local file inclusion (limited to first-line), delete newsletter subscribers, import newsletter subscribers, etc. Websites which installed Patchstack are protected from the issue and have already received a virtual patch.
Critical Flaw in WordPress Plugin Pop-up Builder to Affect Websites
Related Platforms
Our Locations
Recent Case Studies
-
June 09, 2022Custom BigCommerce Middleware Development for an Australian BNPL Company
Summary – BigCommerce Middleware Customization Virtina recently triumphantly executed a project for a client based in Australia and New Zealand. The ...
Read More -
June 04, 2021
Split-order, Split-shipment, and State-wise Sales Tax Issues Resolved for a WooCommerce Company
Summary Virtina won a prestigious project from a rental theme kit delivery company in Colorado, United States. The company creates playful experiences ...
Read More -
January 08, 2021Building a WooCommerce Store for the World’s Largest Government-run Retail Chain
Summary A governmental organization approached Virtina to build a website that enabled the organization members to buy products like automobiles and h ...
Read More -
September 07, 2020Custom Volusion Middleware Development for a Banking Software Company in Virginia
SummaryTreasury Software is a company that develops banking software and is a Microsoft Gold Certified Partner. The company develops banking software ...
Read More
