The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting.CreditsNguyen Anh Tien - SunCSR (Sun* Cyber Security Research) Referenceshttps://wpscan.com/vulnerability/597e9686-f4e2-43bf-85ef-c5967e5652bd
