• Resolved criticalcode

    (@criticalcode)


    I just got this message from WPEngine regarding our use of this plugin:

    At WP Engine we take the security of your sites very seriously, and make every effort to keep our customers aware of any potential security risks. We are reaching out to you today because we identified your site(s), […] is (are) utilizing a vulnerable version of the Popup Builder – Create highly converting, mobile friendly marketing popups. plugin.

    At this time, we are not seeing that the plugin author has released an update or patch for this vulnerability. 

    WP Engine summary of the vulnerability: Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitor’s browser can be abused to steal information, or modify site configuration.

    Original 3rd-party’s report on the vulnerability: Please note that questions related to this article should be directed to the 3rd-party researcher and not WP Engine:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3226
    https://wpscan.com/vulnerability/941a9aa7-f4b2-474a-84d9-9a74c99079e2

    Do you plan to issue an update soon? I don’t want to be without the plugin for long or have to find another as this one does everything I need it to do.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Just to add to the above.
    I’m a paid customer to this plugin and I have contacted them by:
    1) their instant chat
    2) sending an email to support.

    I have specified as Urgent (yet). But no one has acknowledged anything.
    The instant chat, I only received an email with my transcript saying “Thanks for chatting with us, how did we do”.

    This is not at all reassuring given that paid members should have received a prompt response for things like this.

    Also, their changelog recent activity dates back to Jul 13, 2022.
    Seems like this project is dead, with no active dev team.
    Such a shame as this plugin had some good stuff.

    PS: I’ll update this post if I do get a reply from them

    Plugin Support Jawad Ahmed

    (@jawada)

    Hi @criticalcode

    Thank you for reaching out. This issue has been fixed, and we have the beta version ready. If you would like to get the beta version, we kindly request that you contact us directly for assistance. You can visit the following link, https://help.popup-builder.com/en/, where you will find options to chat with us or send us an email. We are here to help and will be happy to help you with any concerns you may have.

    Hi @wkhayrattee

    I deeply appreciate your patience and for sharing your experience with us. As a paid customer, your concerns are of the utmost importance to us, and I genuinely apologize for any delay caused by the lack of acknowledgment through our instant chat and email support channels. Your urgent matter should have received prompt attention, and I’m sorry for any inconvenience this has caused.

    I want to assure you that your feedback is pivotal to our improvement efforts. We are actively addressing the issues and are committed to enhancing our support responsiveness. Your trust in our plugin is valued, and we are dedicated to ensuring a positive experience for you and all our customers.

    In terms of our changelog activity, I understand your concern, and I assure you that we have an updated beta version available. The recent issue you encountered has been resolved, and we’re actively engaged in refining the plugin to align with the latest WP and PHP changes.

    Furthermore, kindly drop us a message via our chat support channel. This will enable us to verify that your inquiry has been appropriately addressed.

    Thank you for your understanding, and please know that your insights are incredibly valuable to us. If you have any further developments or questions, don’t hesitate to share. We’re here to support you.

    Best regards,

    framtidensporslinab

    (@framtidensporslinab)

    When can we expect an update, as this vulnerability is on the scale 4.4/10?

    I have had to disable this plugin and remove it until an update is released in order to keep our site safe. I mean, it’s been 5 days since your reply without as much as a small patch even. Would you please share the solution and I’ll patch it myself in order to get the plugin installed?

    Plugin Support Jawad Ahmed

    (@jawada)

    Hi,

    The issue you encountered has been addressed and resolved in our latest update, version 4.2.0. I’ll go ahead and mark this thread as resolved. If you have any further inquiries, or need assistance, feel free to reach out to us via our support portal. We’re here to help!

    https://help.popup-builder.com/en/

    Sincerely,

    Sorry guys, forgot to post an update here.

    I just wanted to mention that @jawada turned out to be very supportive.
    He emailed me and responded to every one of my emails after my above post.
    Thank you for the prompt package download you sent me, Jawad, to address the security patch.

    I also see the new release on the WordPress public plugin repo.

    Please keep being active; your product does a good job, and good support and frequent updates can just be merrier.

    Happy creating on WordPress fam!
    Cheers

  • The topic ‘Security Vulnerability Issue’ is closed to new replies.