PT-2025-52413 · WordPress · Ocean Modal Window
Alex Tselevich
·
Published
2025-12-19
·
Updated
2025-12-24
·
CVE-2025-13307
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ocean Modal Window WordPress plugin versions prior to 2.3.3
Description
The Ocean Modal Window WordPress plugin is affected by a Remote Code Execution issue. The issue is related to the modal display logic, where user-controlled conditions set by Editors and Administrators (with
edit pages capability) are executed as part of an eval statement on every site page. This can lead to remote code execution.Recommendations
Update the Ocean Modal Window WordPress plugin to version 2.3.3 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ocean Modal Window