CVE-2025-15611

Name of the Vulnerable Software and Affected Versions The Popup Box WordPress plugin versions prior to 5.5.0

Description Insufficient nonce validation in the add or edit popupbox() function before saving popup data allows unauthenticated attackers to perform Cross-Site Request Forgery (CSRF) attacks. CSRF is a technique where an attacker tricks a victim into performing actions they did not intend to do. When an authenticated administrator visits a malicious page, an attacker can create or modify popups containing arbitrary JavaScript that executes within the admin panel and the frontend.

Recommendations Update to version 5.5.0 or later.