Medium severity4.3NVD Advisory· Published Dec 19, 2022· Updated Jun 17, 2026
CVE-2022-4125
CVE-2022-4125
Description
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.6.6
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/7862084a-2821-4ef1-8d01-c9c8b3f28b05nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.