A fairly popular WordPress plugin named Popup Builder had a bug in its older versions affecting hundreds of thousands of websites. It was reported to have several vulnerabilities by Team WebARX, and now received an update from the makers rectifying them. Thus, WordPress site admins are advised to update their plug-in to remain safe.
WordPress Pop-up Builder Plugin Vulnerability
Since WordPress is the largest blogging community, there are numerous third-party developers who provide various plug-ins to add typical functionalities to websites. While these plugins add value, they may often contain bugs that let an adversary hijack websites or depreciate their value.
One such plug-in with several vulnerabilities discovered is the Pop-up Builder, which is being downloaded over 200,000 times by several WordPress sites. The security team of WebARX has discovered several vulnerabilities in the plugin, with the major one being with the authorization of AJAX methods.
Researchers said that “A nonce token on the other hand is checked but since this nonce token is sent to all users regardless of their capabilities, any user can execute the vulnerable AJAX methods as long as they pass the nonce token.”
Thus, a logged-in user can have extreme privileges to the site if he manages to obtain the nonce token. This lets him perform activities that can disrupt the site’s popularity, and even being a negative value. Researchers said that attackers can perform activites like sending fake newsletters, adding and deleting subscribers, and even including a local file.
Researchers have informed these vulnerabilities to the plug-in makers, who spotted that bugs existing in version 3.71 and below. Eventually, the makers have released an updated version 3.72, and soon enough, they released version 3.73 addressing more bugs related to AJAX.
Thus, all the WordPress site admins are advised to update this plugin as the best practice to avoid cyberattacks against their sites and have their goodwill damaged.