CVE-2023-6000

Name of the Vulnerable Software and Affected Versions Popup Builder WordPress plugin versions prior to 4.2.3

Description The issue allows simple visitors to update existing popups and inject raw JavaScript, leading to Stored XSS attacks. This could enable attackers to conduct cross-site scripting attacks. Hackers have exploited this flaw to infect over 3,300 sites with malware. The estimated number of potentially affected devices worldwide is not explicitly stated, but the malware campaign has mainly targeted sites in the United States and Germany. In real-world incidents, this issue was exploited to inject malicious code into vulnerable websites' "Custom JS or CSS" sections, redirecting users to phishing sites or injecting further malware.

Recommendations For versions prior to 4.2.3, update to version 4.2.3 or later to resolve the issue. As a temporary workaround, consider disabling the ability for simple visitors to update existing popups until a patch is available. Restrict access to the "Custom JS or CSS" sections to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.