On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin to our Wordfence Intelligence Vulnerability Database. This vulnerability, which was originally reported by WPScan, allows an unauthenticated attacker to inject arbitrary JavaScript that will be executed whenever a user accesses an injected page. Later on January 10th, 2024 … Continue reading Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin