Fortinet Discovers WordPress Popup Anything Plugin Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a cross-site scripting (XSS) vulnerability in WordPress Popup Anything Plugin.
Popup Anything is a modal popup plugin for WordPress websites that allows you to add highly customizable popup windows. It has over 50,000+ active installations.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Sep 17, 2021
Upgrade to Popup Anything version - 2.0.4 or later.
Fortinet reported the vulnerability to WP OnlineSupport Team on September 1, 2021.
WP OnlineSupport Team confirmed the vulnerability on September 8, 2021.
WP OnlineSupport Team patched the vulnerability on October 14, 2021