Vulnerabilities and security researches forwp-magnific-popup wp-magnific-popup

Jun 20, 2026

CVE, Research URL: CVE-2026-7850
Home page URL: Security reports for WP Magnific Popup
Application: WP Magnific Popup
Date: Jun 17, 2026
Research Description: The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks against any visiting user.
Affected versions: max 1.0.
Status: vulnerable