The responsive WordPress pop-up – Subscription & Newsletter (versions 3.71 and below), a pop-up builder from WordPress, had a security breach in the authorization issues in most AJAX methods. The plugin allows users to create and manage powerful promotion modal popups for their WordPress website or blog. 200000+ active users have installed the plugin, and the latest version, 3.73, is now available in the market. The security susceptibility would result in multiple vulnerabilities for all its users. Hackers could exploit it to send out newsletters with custom content and sender, local file inclusion (limited to first-line), delete newsletter subscribers, import newsletter subscribers, etc. Websites which installed Patchstack are protected from the issue and have already received a virtual patch.
Critical Flaw in WordPress Plugin Pop-up Builder to Affect Websites
Related Platforms
Our Locations
Recent Case Studies
-
November 22, 2022Data Migration from Adobe Cloud Platform to WPML Format for an International Financial Services Company Based in the U.S.
Virtina always gets the best kick out of tackling the most challenging projects typically unimaginable by standard companies. We invariably say yes to ...
Read More -
June 09, 2022Custom BigCommerce Middleware Development for an Australian BNPL Company
Summary – BigCommerce Middleware Customization Virtina recently triumphantly executed a project for a client based in Australia and New Zealand. The ...
Read More -
June 04, 2021
Split-order, Split-shipment, and State-wise Sales Tax Issues Resolved for a WooCommerce Company
Summary Virtina won a prestigious project from a rental theme kit delivery company in Colorado, United States. The company creates playful experiences ...
Read More -
January 08, 2021
Building a WooCommerce Store for the World’s Largest Government-run Retail Chain
Summary A governmental organization approached Virtina to build a website that enabled the organization members to buy products like automobiles and h ...
Read More
