Vulnerabilities in the Popup Builder WordPress plugin could allow unauthenticated attackers to inject malicious JavaScript code into popups displayed on tens of thousands of websites, to steal information, and to potentially fully take over targeted sites.

Popup Builder enables site owners to create, deploy, and manage customizable popups containing a wide range of content from HTML and JavaScript code to images and videos.

Sygnoos, the plugin’s developer, markets it as a tool that can help increase sales and revenue via smart pop-ups used to display ads, subscription requests, discounts, and various other types of promotional content.

Unauthenticated XSS and information

The US government is fighting to contain and slow down the spread of the coronavirus. Testing is central to these efforts.

Molecular biologist and viral researcher Maureen Ferran answers some basic questions about how these diagnostic tests work – and if there are enough to go around.


Who gets tested for the virus?

Currently there are two main reasons someone would be tested for the coronavirus: having symptoms or exposure to an infected person.

The main symptoms of COVID-19, the disease caused by the coronavirus SARS-CoV-2, are fever, dry cough and shortness of breath. These look a lot like