High severity7.2NVD Advisory· Published Dec 19, 2025· Updated Apr 15, 2026
CVE-2025-13307
CVE-2025-13307
Description
The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set (edit_pages capability). The conditions are then executed as part of an eval statement executed on every site page. This leads to remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2.3.3
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.