WordPress WP Responsive Popup + Optin plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP Responsive Popup + Optin versions = 1.4...

CVE-2026-4131

The CVE-2026-4131 entry concerns the WP Responsive Popup + Optin WordPress plugin (versions up to 1.4). Root cause: the admin settings form (wpo_admin_page.php) does not generate or verify a nonce (wp_nonce_field/wp_verify_nonce/check_admin_referer), enabling CSRF that can update plugin settings,...

CVE-2026-1804 WDES Responsive Popup <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'attr' Shortcode Attribute

The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popup-title' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin WDES Responsive Popup 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...