{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15611", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2026-03-16T18:36:17.868Z", "datePublished": "2026-04-07T06:00:09.736Z", "dateUpdated": "2026-04-07T16:25:37.703Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-07T06:00:09.736Z"}, "title": "Popup Box AYS Pro < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF", "problemTypes": [{"descriptions": [{"description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Popup Box", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "5.5.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create or modify popups with arbitrary JavaScript that executes in the admin panel and frontend."}], "references": [{"url": "https://wpscan.com/vulnerability/089ea763-2421-4089-a220-251421f7f226/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Spider Sec Ltd", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T16:25:20.160175Z", "id": "CVE-2025-15611", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T16:25:37.703Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-15611", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T16:25:20.160175Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T16:25:29.560Z"}}], "cna": {"title": "Popup Box AYS Pro < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Spider Sec Ltd"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Popup Box", "versions": [{"status": "affected", "version": "0", "lessThan": "5.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/089ea763-2421-4089-a220-251421f7f226/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create or modify popups with arbitrary JavaScript that executes in the admin panel and frontend."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-79 Cross-Site Scripting (XSS)"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-07T06:00:09.736Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15611", "state": "PUBLISHED", "dateUpdated": "2026-04-07T16:25:37.703Z", "dateReserved": "2026-03-16T18:36:17.868Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2026-04-07T06:00:09.736Z", "assignerShortName": "WPScan"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ays-pro:popup_box:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BEED5733-F8BB-4B2B-B0C1-C849505A712C", "versionEndExcluding": "5.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create or modify popups with arbitrary JavaScript that executes in the admin panel and frontend."}], "id": "CVE-2025-15611", "lastModified": "2026-04-09T19:43:40.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-07T07:16:23.443", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/089ea763-2421-4089-a220-251421f7f226/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,5.5.0)"}}], "enrichment": {"confidence": 70.0, "confidence_source": "inferred", "scores": [{"score": 70.0, "source": "inferred"}]}, "original": {"product": "Popup Box", "source": "cna", "vendor": "Unknown"}, "product": "popup_box", "vendor": "popup_box"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-07T22:53:12.774464+00:00", "value": {"mitigation_remediation": ["Upgrade the Popup Box plugin to version 5.5.0 or later.", "Remove or disable the add_or_edit_popupbox() endpoint for unauthenticated requests.", "Implement proper nonce checks for all form submissions in the plugin.", "Restrict administrator access to trusted IP addresses or VPN.", "Use a site\u2011wide security plugin to detect and block CSRF attempts."], "summary": {"action": "Immediate Patch", "impact": "Stored Cross\u2011Site Scripting via CSRF"}, "threat_synthesis": {"affected_systems": "Any WordPress installation that uses the Popup Box plugin of a version earlier than 5.5.0 is vulnerable. The plugin is distributed under an unknown vendor designation, so managers should verify the plugin\u2019s version in their WordPress admin area and update accordingly.", "description_and_impact": "The vulnerability lies in the Popup Box WordPress plugin prior to version 5.5.0, where the add_or_edit_popupbox() function fails to validate nonces correctly. This flaw allows an attacker who does not have credentials to submit a Cross\u2011Site Request Forgery form that causes the plugin to save popup data containing arbitrary JavaScript. When an authenticated administrator later opens the page whose popup is stored, the malicious script is executed inside the admin interface and on the published site. This can lead to credential theft, session hijacking, defacement, and other malicious actions performed from the administrator's browser context.", "risk_and_exploitability": "The CVSS base score of 5.4 indicates a moderate severity, while the EPSS score of less than 1 percent suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Because the flaw is invoked via CSRF, an attacker must create a malicious page that an administrator visits while authenticated; however, once that occurs, stored malicious JavaScript runs automatically. The lack of a nonce check makes the CSRF payload trivial to construct, so in a targeted campaign the risk may rise."}}}}, "created": "2026-04-07T09:36:22.442935+00:00", "updated": "2026-04-08T19:50:03.669592+00:00", "vendors": ["popup_box", "popup_box$PRODUCT$popup_box", "wordpress", "wordpress$PRODUCT$wordpress"], "weaknesses": ["CWE-79"]}