# Exploit Title: WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting
# Date: 11/27/2020
# Exploit Author: Ilca Lucian Florin
# Vendor Homepage: https://sygnoos.com
# Software Link: https://wordpress.org/plugins/popup-builder/ / https://popup-builder.com/
# Version: Opening events section, add two payloads, one for #2 section
and one for #3 section, like in the following example: #2 Add the code you want to run before the popup opens. This will be the
code that will work in the process of opening the popup. true/false
conditions will not work in this phase. "> #3 Add the code you want to run after the popup opens. This code will work
when the popup is already open on the page. "> 5. Click Update 6. Go to https://website.com. The XSS alert will pop up. # All text-areas from JS section are vulnerable to stored cross site
scripting. Evidence: 1. https://ibb.co/JvBTq0H
2. https://ibb.co/0KP7NFQ
3. https://ibb.co/3cFnVYF
Support the originator by clicking the read the rest link below.
