The U.S. federal government National Vulnerability Database issued an advisory about a Saved Cross-Site Scripting vulnerability in the preferred Popup Maker plugin for WordPress.
Popup Maker for WordPress:
A vulnerability was identified in the βPopup Makerβ WordPress plugin, which is set up in above 700,000 web-sites. This plugin integrates with a lot of contact forms and is designed to drive conversions in WooCommerce retailers and electronic mail publication signups. Even with getting launched in 2021, it has earned about 4,000 5-star testimonials.
Popup Maker Vulnerability:
This plugin is vulnerable to saved cross-web-site scripting (XSS). A destructive script is uploaded to the server and stored there, as a result the name βstored.β XSS vulnerabilities occur when enter knowledge is not thoroughly sanitised, ensuing in a lack of control above what can be uploaded. This vulnerability can be exploited if a hacker gains accessibility to a consumer with at minimum contributor-stage credentials.
Result in & Resolution:
Stored XSS vulnerabilities can have extreme repercussions, like web site takeover and person details publicity. There was an update to resolve the challenge, but a bug was released in the patch. To keep away from problems, update to the most recent edition (V1.17.1).
WORDPRESS News AND Articles
TUTORIALS AND HOW-TOS
Sources