More than 100,000 websites were vulnerable to attacks due to problems in Popup Builder, a popular plugin for WordPress,
reported by Defiant specialists. This plugin allows website owners to create custom pop-up windows containing content ranging from HTML and JavaScript code to images and videos.
The most important bug found in Popup Builder was identified as CVE-2020-10196 and scored 8.3 on the CVSS vulnerability rating scale. This problem is stored XSS and allows unauthenticated attackers to inject malicious JavaScript code into any pop-up windows on vulnerable resources, steal information, and possibly completely take over the target sites. Vulnerabilities affect all versions of Popup Builder up to 3.64.1.
“Typically, attackers use these vulnerabilities to redirect visitors to websites with malicious ads or steal sensitive information from browsers, but the vulnerability can also be exploited to hijack a site if a logged-in administrator visited or previewed a page containing an infected pop-up window,” experts write.
Another nasty bug in the plugin (CVE-2020-10195) allowed anyone who logged in to user (with the rights of a simple subscriber) to access the plugin functions, export mailing lists, and export information about the system configuration using a regular POST request to admin-post.php.
With the release of Popup Builder version 3.64.1, the vulnerabilities were fixed, but the researchers note that so far only about 33,000 users have updated the plugin, that is, more than 66,000 sites with outdated versions of the plugin are still vulnerable.
Source: xaker.ru