Popad
by WordPress
Source repositories
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-9616 | Med | 0.34 | 5.3 | 0.00 | Sep 4, 2025 | The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAd_reset_cookie_time function. This makes it possible for unauthenticated attackers to reset… | ||
| CVE-2025-60175 | Med | 0.29 | 4.4 | 0.00 | Jun 15, 2026 | Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions. |
- risk 0.34cvss 5.3epss 0.00
The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAd_reset_cookie_time function. This makes it possible for unauthenticated attackers to reset…
- risk 0.29cvss 4.4epss 0.00
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.