Stored XSS in WordPress Popup Builder

Successful exploitation allows an attacker to persist malicious JavaScript in popup content on affected WordPress sites. When administrators or site visitors load a page that renders the compromised popup, the injected script executes in their browser in the security context of the vulnerable site. This can enable session theft, nonce or credential harvesting, forced actions as the victim, defacement, malicious redirects, delivery of further payloads, and broader compromise of the WordPress site depending on the victim's privileges.

If immediate patching is not possible, disable the Popup Builder plugin or restrict access to popup management functionality until the update can be applied. Monitor for unexpected changes to popup definitions and block or sanitize untrusted script content where possible. Deploy a strong Content Security Policy to reduce XSS impact, and use web application monitoring or file/content integrity checks to detect unauthorized popup updates. These measures are compensating controls and do not replace upgrading to a fixed version.

Update the Popup Builder WordPress plugin to version 4.2.3 or later, which addresses the issue. Review existing popups for unauthorized modifications or embedded script content, remove any malicious JavaScript, and audit WordPress accounts, sessions, and site content for signs of follow-on compromise. If exploitation is suspected, rotate administrator credentials, invalidate active sessions, and inspect the site for additional malware or persistence mechanisms.