Developers behind the “Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter” WordPress plugin have recently addressed multiple vulnerabilities that can be exploited to perform various malicious actions on affected websites.
The plugin has over 200,000 active installations to date, it allows WordPress site owners to create, customize, and manage promotion modal popups.
Experts from the security firm WebARX states that the flaw in the “Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter” plugin is caused by the lack of authorization in most AJAX methods.