CVE-2025-14394

Name of the Vulnerable Software and Affected Versions Popover Windows versions up to and including 1.2

Description The Popover Windows plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation. This allows unauthenticated attackers to modify the plugin’s settings by forging requests, provided they can trick a site administrator into performing an action, such as clicking a link.

Recommendations Update Popover Windows to a version newer than 1.2.