One of the vulnerabilities Gall discovered in the Popup Builder plugin allows an unauthenticated attacker to inject malicious JavaScript code into any published popup and the code would then be ...

Enter Popup, a no-code platform for the creation, management and hosting of online stores, from landing pages to ad campaigns to checkout, using a drag-and-drop visual editor.

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code.