New vulnerability | ww.wp.xz.cn

Resolved koullis
(@koullis)

2 years, 7 months ago

@jawada A new vulnerability was marked by wordfence on newest version 4.20

Popup Builder <= 4.2.0 – Authenticated (Admin+) Stored Cross-Site Scripting

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/popup-builder/popup-builder-4115-authenticated-admin-stored-cross-site-scripting

https://wpscan.com/vulnerability/941a9aa7-f4b2-474a-84d9-9a74c99079e2/

Viewing 4 replies - 1 through 4 (of 4 total)

Thread Starter koullis
(@koullis)

2 years, 7 months ago

according to wpscan its been reported to owner since june and still not fixed

Plugin Support Jawada
(@jawada)

2 years, 7 months ago

Hi,

The cross site scripting issue has been fixed with our latest version V4.2.0, and we are working on other issues currently. Please bear with us.

Regards

Martin Blumenfeld
(@monkeypress)

2 years, 7 months ago

According to the security scan report this was not fixed in V4.2. At this point we just deleted the plugin. We’ll find a different one that’s more well maintained.

Plugin Support Jawada
(@jawada)

2 years, 6 months ago

Hi

We are pleased to inform you that the security vulnerability you reported has been addressed and resolved in our latest update, version 4.2.2. I will now mark this thread as resolved. If you require further assistance or have any additional questions, please don’t hesitate to contact us through our support portal. Our team is always here to help!

https://help.popup-builder.com/en/

Sincerely,

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘New vulnerability’ is closed to new replies.

6 replies
3 participants
Last reply from: Jawada
Last activity: 2 years, 6 months ago
Status: resolved