Loading market data...
← Back to CVE feed

CVE-2019-25744

MEDIUM CVSS 6.4 View on NVD ↗

Description

WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads in the post_title field that execute when pages or posts display popup selections.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Published: Jun 04, 2026 14:16 UTC Modified: Jun 04, 2026 15:00 UTC