Flaws in the Popup Builder WordPress plugin could allow unauthenticated attackers to inject malicious JavaScript code into popups of 100K+ websites.
The Popup Builder WordPress plugin is affected by security flaws that could be exploited by
More than 100,000 websites are exposed to cyber attacks that could allow attackers, to steal information, and potentially take over them.
The Popup Builder plugin is developed by Sygnoos, it allows site
Popups are used by site owners to display a broad range of information, including ads, subscription requests, and discounts.
The vulnerabilities were discovered by Ram Gall, QA Engineer at WordFence. The flaws affect all versions prior to Popup Builder 3.64.1, the most severe one is an
“On March 4th, our Threat Intelligence team discovered several vulnerabilities in Popup Builder, a WordPress plugin installed on over 100,000 sites. One vulnerability allowed an
Experts discovered that the Popup Builder plugin allows to create and run popups containing custom Javascript, to do this the plugin registered an AJAX hook, wp_ajax_nopriv_sgpb_autosave
| 1 | add_action('wp_ajax_nopriv_sgpb_autosave', array($this, 'sgpbAutosave')); |
The problem is that the hook could be abused by unprivileged users because the function it called fails nonce checks or capability checks.
An
“Typically, attackers use a vulnerability like this to redirect site visitors to
The experts discovered other vulnerabilities that could allow logged-in users (even with low permissions (subscriber)) to access some plugin features, such as the export of newsletter subscribers lists and system configuration info. An attacker could exploit these flaws by sending a simple POST request to admin-post.php.
The flaw tracked CVE-2020-10195 is classified as an Authenticated Settings Modification, Configuration Disclosure, and User Data Export. The issue received a CVSS Score of 6.3 (Medium).
Since Sygnoos fixed the security issues with the release of Popup Builder version 3.64.1, over 33,000 users have updated their installs, this means that over 66,000 sites are still running vulnerable versions of the plugin.
The good news is that experts are not aware of attacks in the wild that attempt to exploit the above flaws.
Unfortunately, the number of attacks attempting to exploit vulnerabilities in WordPress plugins continues to increase. Yesterday I reported the news of a critical vulnerability in WordPress plugin ‘ThemeREX Addons’ that could allow remote attackers to execute arbitrary code.
A few weeks ago researchers at NinTechNet reported an ongoing campaign that was actively exploiting a zero-day flaw in the WordPress Flexible Checkout Fields for WooCommerce plugin. Other attacks recently observed are:
- Jan. 2020 – An authentication bypass vulnerability in the InfiniteWP plugin that could potentially impact by more than 300,000 sites.
- Jan. 2020 – Over 200K WordPress sites are exposed to attacks due to a high severity cross-site request forgery (CSRF) bug in Code Snippets plugin.
- Feb. 2020 – A serious flaw in the ThemeGrill Demo Importer WordPress theme plugin with over 200,000 active installs can be exploited to wipe sites and gain admin access to the site.
- Feb. 2020 – A stored cross-site vulnerability in the GDPR Cookie Consent plugin that could potentially impact 700K users.
- Feb. 2020 – A zero-day vulnerability in the ThemeREX Addons was actively exploited by hackers in the wild to create user accounts with admin permissions.
I believe it is very important to protect WordPress install with dedicated solutions, I’m currently using WordFence solution, the company provided with a license to evaluate the premium features.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(
[adrotate banner=”5″]
[adrotate banner=”13″]
Share On
