cleantalk
Vulnerabilities and Security Researches

Popup Box – Best WordPress Popup Plugin, CVE-2025-15611

CVE, Research URL

CVE-2025-15611

Home page URL

Security reports for Popup Box – Best WordPress Popup Plugin

Application

Popup Box – Best WordPress Popup Plugin

Published on
Apr 07, 2026
Research Description
The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create or modify popups with arbitrary JavaScript that executes in the admin panel and frontend.
Affected versions
max 5.5.0.
Status
vulnerable
Previous vulnerability researches
Popup Box – Best WordPress Popup Plugin (CVE-2024-37096) , Jun 24, 2024
Popup Box – Best WordPress Popup Plugin (CVE-2026-54192) , Jun 19, 2026
Popup Box – Best WordPress Popup Plugin (CVE-2024-9599) , May 19, 2025
Popup Box – Best WordPress Popup Plugin (f76ca70e36e5617655fc90029c18e6f94ba010fc) , Jun 16, 2026
Popup Box – Best WordPress Popup Plugin (bd2e0643-c83b-4ca6-9332-66e4c49252ba) , Jun 16, 2026
New vulnerability
WP Travel Gutenberg Blocks (CVE-2026-54808) , Jun 19, 2026
BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support (CVE-2026-12157) , Jun 19, 2026
Advanced Import : One Click Import for WordPress or Theme Demo Data (CVE-2026-4328) , Jun 19, 2026
Falang multilanguage for WordPress (CVE-2026-54805) , Jun 19, 2026
SMS Alert Order Notifications – WooCommerce (CVE-2026-54803) , Jun 19, 2026