all InfoSec news
Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin
Wordfence www.wordfence.com
On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin to our Wordfence Intelligence Vulnerability Database. This vulnerability, which was originally reported by WPScan, allows an unauthenticated attacker to inject arbitrary JavaScript that will be executed whenever a user accesses an injected page. Later on January 10th, 2024 ...
Read More
The post Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin appeared first on Wordfence.
attacker builder campaign cross-site database december inject intelligence javascript plugin popup research scripting stored xss takeover unauthenticated vulnerabilities vulnerability vulnerability database website wordfence wordfence intelligence wordpress wordpress plugin wordpress security wpscan xss