Vulnerabilities

CVE-2026-1165 - Popup Box <= 6.1.1 - cross-site request forgery to popup status change

2026-01-31 0 views admin

CVE ID : CVE-2026-1165 Published : Jan. 31, 2026, 2:22 p.m. | 27 minutes ago Description : The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish_unpublish_popupbox' function that verifies a self-created nonce rather than one submitted in the request. This makes it possible for unauthenticated attackers to change the publish status of popups via a forged request, granted they can trick a site administrator into performing an action such as clicking a link. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-1165

Published

Jan. 31, 2026

Affected Product: WordPress

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-1165wordpress

CVE-2026-1165 - Popup Box <= 6.1.1 - cross-site request forgery to popup status change

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-14554 - Sell BTC - Cryptocurrency Selling Calculator <= 1.5 - unauthenticated stored cro...

CVE-2026-23023 - idpf: fix memory leak in idpf_vport_rel()

CVE-2026-23022 - idpf: fix memory leak in idpf_vc_core_deinit()

CVE-2026-23020 - net: 3com: 3c59x: fix possible null dereference in vortex_probe1()

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3