Two vulnerabilities have been patched in a popular WordPress plugin called Popup Builder. The more severe flaw could enable an unauthenticated attacker to infect malicious JavaScript into a popup potentially opening up more than 100,000 websites to takeover. The plugin helps users create and manage popups such as marketing or promotional notices for their websites. The bug ranks 8.3 out of 10.0 on the CVSS severity scale. Users urged to update the plugin to version 3.64.1.
Source: https://threatpost.com/wordpress-plugin-bug-popup-builder/153715/