Details

Improper access control vulnerability leading to multiple AuthenticatedStoredXSS discovered in the WordPress Custom Popup Builder plugin (version <= 1.3.1).

solution

Deactivate and remove. This plugin has been closed as of May 26, 2022 and is no longer available for download. This closure is temporary and pending a full review.

Sources.

Popup | Custom Popup Builder