CVE-2025-10861

Name of the Vulnerable Software and Affected Versions Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress versions prior to 2.1.5

Description The software contains a Server-Side Request Forgery issue resulting from inadequate validation of URLs provided through the URL parameter. This allows unauthenticated attackers to initiate web requests from the application to arbitrary locations. Exploitation can lead to querying and modifying internal service information, as well as network reconnaissance. A partial fix was implemented in version 2.1.4.

Recommendations Update to version 2.1.5 or later.