Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin | allinfosecnews.com

Jan. 15, 2024, 1:06 p.m. | Paolo Tresso

Wordfence www.wordfence.com

On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin to our Wordfence Intelligence Vulnerability Database. This vulnerability, which was originally reported by WPScan, allows an unauthenticated attacker to inject arbitrary JavaScript that will be executed whenever a user accesses an injected page. Later on January 10th, 2024 ...
Read More

The post Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin appeared first on Wordfence.

attacker builder campaign cross-site database december inject intelligence javascript plugin popup research scripting stored xss takeover unauthenticated vulnerabilities vulnerability vulnerability database website wordfence wordfence intelligence wordpress wordpress plugin wordpress security wpscan xss

More from www.wordfence.com / Wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024) 2 days, 17 hours ago | www.wordfence.com

all in bounty bug bug bounty +22

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024) 1 week, 2 days ago | www.wordfence.com

contributed database intelligence may +16

Up to 30X Faster PHP Malware Scans with Wordfence CLI 4.0.1 1 week, 3 days ago | www.wordfence.com

can cli malware malware scanner +11

The Wordfence Affiliate Program Officially Launches Today 1 week, 4 days ago | www.wordfence.com

advocates affiliate clients community +12

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024) 2 weeks, 2 days ago | www.wordfence.com

bounty bug bug bounty disclosure +16

30,000 WordPress Sites affected by Arbitrary SQL Execution Vulnerability Patched in Visualizer WordPress Plugin 2 weeks, 3 days ago | www.wordfence.com

plugin research sql vulnerabilities +6

Revolutionizing WordPress Bug Bounty and Security: Latest Enhancements to the Wordfence Bug Bounty Program 2 weeks, 4 days ago | www.wordfence.com

bounties bounty bug bug bounty +15

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024) 3 weeks, 2 days ago | www.wordfence.com

april bounty bug bug bounty +17

$563 Bounty Awarded for Reflected Cross-Site Scripting Vulnerability Patched in Yoast SEO WordPress Plugin 3 weeks, 5 days ago | www.wordfence.com

april bounty bug bug bounty +17

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com