Heads up WordPress admins! Multiple vulnerabilities existed in the WordPress plugin Popup Builder that could allow disrupting websites. Update your websites now if you haven't done so already.
Popup Builder WordPress Plugin Vulnerabilities
Researchers from the WebARX security team have discovered multiple vulnerabilities in the WordPress plugin Popup Builder. It’s a popular plugin that presently boasts over 200,000 downloads.
As described in their blog post, the primary issue they found was the absence of authorization checks in most AJAX methods.
While the vulnerable plugin did have basic functionality to check users' capabilities, that check was not applied to the affected AJAX methods. Describing further, the researchers stated,
A nonce token, on the other hand, is checked, but since this nonce token is sent to all users regardless of their capabilities, any user can execute the vulnerable AJAX methods as long as they pass the nonce token.
This lack of checks could allow an attacker to perform activities that could damage a site's reputation. Some of these activities include sending fake newsletters with custom senders, importing or deleting subscribers, local file inclusion (limited to the first line), and much more.
The researchers have briefly explained, in their post, the vulnerable methods that could allow sending false newsletters with custom content to all subscribers. For exploitation, an authenticated (logged-in) attacker only needed access to the nonce token.
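To illustrate the pattern the researchers describe, here is an added example in WordPress PHP (not Popup Builder's own code): an AJAX handler gated only by a nonce, beside a hardened version that also enforces a capability check and only hands the nonce to users entitled to call the handler. The action name, nonce action, script handle and the newsletter helper are hypothetical.

```php
<?php
// Added illustrative example, not the plugin's code. All names are hypothetical.

// Hypothetical helper: mail a newsletter to a stored subscriber list.
function example_send_newsletter( $subject, $body ) {
    $subscribers = (array) get_option( 'example_subscribers', array() );
    foreach ( $subscribers as $email ) {
        wp_mail( $email, $subject, $body );
    }
    return count( $subscribers );
}

// --- Before: the nonce is the only gate. ---
// check_ajax_referer() defends against CSRF; it says nothing about WHO is calling.
// If the nonce is printed into pages for every logged-in user, any subscriber-level
// account can read it from the page source and call this handler.
function example_send_newsletter_weak() {
    check_ajax_referer( 'example_ajax_nonce', 'nonce' );
    $sent = example_send_newsletter( $_POST['subject'], $_POST['body'] );
    wp_send_json_success( array( 'sent' => $sent ) );
}
// add_action( 'wp_ajax_example_send_newsletter', 'example_send_newsletter_weak' );

// --- After: nonce (anti-CSRF) plus capability (authorization) plus input sanitizing. ---
function example_send_newsletter_hardened() {
    check_ajax_referer( 'example_ajax_nonce', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 ); // calls wp_die() internally
    }
    $subject = sanitize_text_field( wp_unslash( $_POST['subject'] ?? '' ) );
    $body    = wp_kses_post( wp_unslash( $_POST['body'] ?? '' ) );
    $sent    = example_send_newsletter( $subject, $body );
    wp_send_json_success( array( 'sent' => $sent ) );
}
// wp_ajax_ hooks already require a logged-in user; never expose privileged
// handlers via the wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_example_send_newsletter', 'example_send_newsletter_hardened' );

// Issue the nonce only to users who may call the handler, rather than to everyone.
add_action( 'admin_enqueue_scripts', function () {
    if ( current_user_can( 'manage_options' ) ) {
        wp_localize_script( 'example-admin', 'exampleAjax', array(
            'nonce' => wp_create_nonce( 'example_ajax_nonce' ),
        ) );
    }
} );
```

The capability check is the fix; limiting who receives the nonce is defence in depth, since a nonce alone was never meant to express authorization.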
Developers Deployed The Patch
According to the WebARX team, the vulnerabilities affected plugin versions 3.71 and below.
The researchers found the bugs in December 2020, after which they reached out to the developers to report the matter.
Following their report, the developers worked on fixes that they eventually released in plugin version 3.72.
A few days ago, they also released another update (3.73) to the plugin addressing more AJAX-related bugs.
Hence, all users should now make sure to update their websites to the latest version of the Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter plugin to stay protected.
Let us know your thoughts in the comments.
Well, 200k installations do not mean that now 200k sites are vulnerable, probably some are not active anymore.
Here you can see the real sites where this plugin is installed: https://spyse.com/advanced-search/domain?search_params=%5B%7B%22domain_info_styles%22%3A%7B%22operator%22%3A%22contains%22,%22value%22%3A%22popup-builder%22%7D%7D%5D
Total 70k active: https://ibb.co/w76vM25
Warning – you need to get a trial version to view the info.