Description
WordPress Plugin Popup Builder-Responsive WordPress Pop up-Subscription & Newsletter is prone to multiple vulnerabilities, including local file inclusion and security bypass vulnerabilities. Exploiting these issues could allow an attacker to obtain sensitive information that could aid in further attacks, or to perform otherwise restricted actions and subsequently delete/import subscribers or send out newsletters with custom content and sender. WordPress Plugin Popup Builder-Responsive WordPress Pop up-Subscription & Newsletter version 3.71 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.72 or latest
References
https://www.webarxsecurity.com/multiple-vulnerabilities-wordpress-plugin-popup-builder/
https://plugins.svn.wordpress.org/popup-builder/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin BCS BatchLine Book Importer Security Bypass (1.5.7)
WordPress Plugin Gravity Forms-Clockwork SMS Cross-Site Scripting (2.2)
WordPress Plugin Gallery-Photo Gallery and Images Gallery Security Bypass (2.0.15)
WordPress Plugin Allow REL= and HTML in Author Bios Cross-Site Scripting (.1)
WordPress Plugin Ajax Plugin Helper Cross-Site Scripting (1.0.5)