Vulnerabilities and security researches formodal-popup-box modal-popup-box

Jun 07, 2024

CVE, Research URL: CVE-2024-2008
Home page URL: Security reports for Modal Popup Box – Popup Builder, Show Offers And News in Popup
Application: Modal Popup Box – Popup Builder, Show Offers And News in Popup
Date: Apr 04, 2024
Research Description: The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awl_modal_popup_box_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions: max 1.5.3.
Status: vulnerable

Feb 27, 2026

CVE, Research URL: CVE-2025-68526
Home page URL: Security reports for Modal Popup Box – Popup Builder, Show Offers And News in Popup
Application: Modal Popup Box – Popup Builder, Show Offers And News in Popup
Date: Feb 20, 2026
Research Description: Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through <= 1.6.1.
Affected versions: max 1.6.1.
Status: vulnerable