VYPR

Popad

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-9616MedSep 4, 2025
    risk 0.34cvss 5.3epss 0.00

    The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAd_reset_cookie_time function. This makes it possible for unauthenticated attackers to reset…

  • CVE-2025-60175MedJun 15, 2026
    risk 0.29cvss 4.4epss 0.00

    Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.