Vulners
Lucene search
2 matches found
CVE-2025-14441 Popupkit <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Subscriber Data Deletion
The Popupkit plugin for WordPress is vulnerable to arbitrary subscriber data deletion due to missing authorization on the DELETE /subscribers REST API endpoint in all versions up to, and including, 2.2.0. This is due to the permissioncallback only validating wprest nonce without checking user...
4.3CVSS5.5AI score0.00037EPSS
Exploits0References5
CVE-2025-14314
CVE-2025-14314 affects Roxnor PopupKit's popup-builder-block in WordPress PopupKit (
8.5CVSS7.3AI score0.00034EPSS
Exploits0References1
20