WordPress Plugin “easy-popup-show” provided by Ari Susanto contains a cross-site request forgery vulnerability (CWE-352).
If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed.
Stop using the plugin
The developer states that the plugin is no longer supported, therefore stop using the plugin.