Description
WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups is prone to multiple vulnerabilities, including local file inclusion and security bypass vulnerabilities. Exploiting these issues could allow an attacker to obtain sensitive information that could aid in further attacks, or to perform otherwise restricted actions and subsequently delete/import subscribers or send out newsletters with custom content and sender. WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups version 3.71 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.72 or latest
References
https://www.webarxsecurity.com/multiple-vulnerabilities-wordpress-plugin-popup-builder/
https://plugins.svn.wordpress.org/popup-builder/trunk/readme.txt
Related Vulnerabilities
Oracle Database Server CVE-2006-3702 Vulnerability (CVE-2006-3702)
WordPress Plugin WP-Members Membership Cross-Site Scripting (3.1.4.1)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1606)
PHP Other Vulnerability (CVE-2003-0863)
WordPress Plugin Catch Breadcrumb Cross-Site Scripting (1.5.4)