Vulnerabilities have been discovered in a popular WordPress plugin called Popup Builder, which could allow unauthenticated attackers to inject malicious JavaScript code into popup windows to steal information and potentially even take complete control of targeted sites. The plugin gives site owners the ability to create, deploy, and manage customizable popups using a variety of different content, from HTML and JavaScript to images and videos. Popup Builder developer Sygnoos says that businesses can use it to increase sales and revenue through its smart popups that can be used to display ads, subscription requests, discounts, and more promotional content. Add-ons, which affect all versions of Popup Builder up to version 3.63, were first discovered by Ram Gall, who works as a QA engineer at Defiant. Gall provided further details about how an attacker would use the vulnerabilities he found in the plugin in a blog post, saying: "In general, attackers use a vulnerability like this to redirect site visitors to malicious sites or to steal sensitive information. from your browsers, although it can also be used to take over the site if an administrator visited or previewed a page containing the infected pop-up on login." One of the vulnerabilities Gall discovered in the Popup Builder plugin allows an unauthenticated attacker to inject malicious JavaScript code into any published popup window and the code will be executed every time it is loaded. The other vulnerability allows any logged in user (with permissions as low as a subscriber) to access the plugin's functionality to export subscriber lists and system configuration information using a simple POST request to admin-post.php. Sygnoos fixed the security holes, tracked as CVE-2020-10196 and CVE-2020-10195, with the release of Popup Builder version 3.65.1, after Gall disclosed the bugs to the company. However, only 33,000 users out of the 100,000+ plugin users have updated to the latest version, which means that more than 66,000 sites with older versions of Popup Builder are still vulnerable and could be attacked by hackers. Via BleepingComputer