Multiple Vulnerabilities In WordPress Plugin Popup Builder

WebARX has reported that the Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter plugin (versions 3.71 and below) suffers from a lack of authorization in most AJAX methods.

The Popup Builder WordPress plugin has 200 000+ active installations.

According to WebARX the authorization issues in the plugin are caused due to many of the AJAX methods not checking the capability of the user. A method to check the capability of the user is present in the plugin but was not used in these methods.

A nonce token on the other hand is checked but since this nonce token is sent to all users regardless of their capabilities, any user can execute the vulnerable AJAX methods as long as they pass the nonce token.

If you use this plugin please ensure you update to the latest version, at the time of publication this is version 3.73

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: