CVE-2025-24746
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability in the Popup Maker WordPress plugin allows an authenticated attacker with contributor-level access or higher to store malicious script in popup content; the script then executes in the browser of every user, including administrators, who views a page where it is rendered. All WordPress sites running Popup Maker versions up to and including 1.20.2 are affected. A successful attack can steal session cookies, redirect users, or perform actions in the victim's browser on their behalf.
💻 Affected Systems
- Popup Maker WordPress Plugin, versions up to and including 1.20.2 (fixed in 1.20.3)
📦 What is this software?
Popup Maker by Code Atlantic, a WordPress plugin for creating and displaying popups on a site.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, take over WordPress sites, install backdoors, deface websites, or redirect visitors to malicious sites.
Likely Case
Attackers inject malicious JavaScript to steal user session cookies, potentially compromising user accounts and performing unauthorized actions.
If Mitigated
If popup content were sanitized on save (for example, reduced to an allowlist of safe HTML) and escaped when output, an injected script would be rendered as inert text rather than executed.
🎯 Exploit Status
Stored XSS is a commonly exploited bug class. Exploiting this one requires an authenticated account with contributor-level access or higher, so the practical risk is highest on sites with many low-privilege authors or guest contributors.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.20.3 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Popup Maker and click 'Update Now'.
4. Verify that the version shown is 1.20.3 or higher.
🔧 Temporary Workarounds
Disable Popup Maker Plugin
Temporarily disable the vulnerable plugin until it can be patched. Popups it serves stop rendering while it is inactive.
wp plugin deactivate popup-maker
Implement Content Security Policy
Add a CSP header to restrict script execution. A policy of script-src 'self' blocks inline scripts and scripts from other origins, which is what neutralizes an injected payload, but it also breaks legitimate inline scripts used by WordPress admin screens and by many themes and plugins. Test with Content-Security-Policy-Report-Only first, and treat this as a stop-gap: it limits execution of an injected script, it does not remove the stored payload.
Add to .htaccess (requires mod_headers):
<IfModule mod_headers.c>
Header set Content-Security-Policy "script-src 'self'"
</IfModule>
Or add near the top of wp-config.php, before any output is sent:
header("Content-Security-Policy: script-src 'self'");
🧯 If You Can't Patch
- Restrict user roles: limit who can create or edit popups to trusted administrators, since the attack requires contributor-level access or higher
- Implement web application firewall (WAF) rules to block common XSS payloads (script tags, event-handler attributes, javascript: URLs) in requests to popup-related endpoints
- Audit existing popup content for injected script; a stored payload remains until it is removed, whether or not the plugin is later updated
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → Popup Maker; a version of 1.20.2 or lower is vulnerable
Check Version:
wp plugin get popup-maker --field=version
Verify Fix Applied:
Confirm that Popup Maker reports version 1.20.3 or higher, in WordPress admin or from the command above. Updating removes the vulnerable code but not any script an attacker already stored, so review existing popup content as well.
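To run the version check above across a fleet rather than one site, here is an added Python example (not from this advisory and not part of the plugin) that reads the JSON output of wp plugin list --format=json and reports whether Popup Maker is installed, whether its version is below the fixed 1.20.3, and whether it is active. Versions are compared as integer tuples, because a plain string comparison sorts 1.20.10 below 1.20.3. The sample plugin list is constructed, and the script name in the usage comment is an assumption.

```python
import json
import sys

FIXED_VERSION = (1, 20, 3)  # first release with the fix, per the advisory

# Constructed example of `wp plugin list --format=json` output; not real data.
SAMPLE_PLUGIN_LIST = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3.2"},
    {"name": "popup-maker", "status": "active", "update": "available", "version": "1.20.2"},
])


def parse_version(version: str) -> tuple:
    """Convert a dotted plugin version such as '1.20.2' into a tuple of ints.

    Assumes WordPress.org-style release numbering (digits separated by dots);
    any non-numeric suffix such as '-beta1' is dropped before comparison.
    """
    core = version.split("-", 1)[0]
    parts = []
    for piece in core.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def popup_maker_status(plugin_list_json: str) -> tuple:
    """Return (state, version, active) for one site.

    state is 'missing' when the plugin is not installed, 'vulnerable' when the
    installed version is below 1.20.3, otherwise 'patched'. An inactive but
    installed vulnerable copy is still reported so it gets updated or removed.
    """
    for plugin in json.loads(plugin_list_json):
        if plugin.get("name") == "popup-maker":
            version = plugin.get("version", "0")
            state = "vulnerable" if parse_version(version) < FIXED_VERSION else "patched"
            return state, version, plugin.get("status") == "active"
    return "missing", None, False


if __name__ == "__main__":
    # Usage (script name assumed): wp plugin list --format=json | python3 check_popup_maker.py
    # With WP-CLI's --ssh= option the same pipeline works against remote sites.
    state, version, active = popup_maker_status(sys.stdin.read())
    print(f"popup-maker: {state} (version={version}, active={active})")
    sys.exit(1 if state == "vulnerable" else 0)
```

The non-zero exit status on a vulnerable result makes the script usable as a gate in a scheduled job or CI check.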
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to popup-related endpoints, particularly from accounts that do not normally edit popups
- JavaScript payloads (script tags, event-handler attributes such as onerror=, javascript: URLs) in form submissions; note that web-server access logs record the query string but not POST bodies, so catching these requires WAF, reverse-proxy or application-level audit logging
- Multiple failed login attempts followed by popup creation from the same account or IP address
Network Indicators:
- Outbound connections from visitors' browsers to suspicious domains after popup interaction
- Unexpected redirects from pages that display popups
SIEM Query (match both raw and URL-encoded forms, since payloads carried in query strings are usually percent-encoded):
source="wordpress.log" AND ("popup-maker" OR "popup_maker") AND ("<script" OR "%3Cscript" OR "javascript:" OR "javascript%3A" OR "onerror=" OR "onerror%3D" OR "onload=" OR "onload%3D")
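The log-indicator hunt above, as an added Python example that is not part of this advisory or of the plugin: it applies the same indicators to access-log lines, percent-decoding each request target (up to twice, to unwrap double encoding) before matching, since a literal "<script>" search misses "%3Cscript%3E" and "%253Cscript%253E". The log lines are constructed, and the assumption that popup-related requests contain "popup" somewhere in the path or query is mine; tune it to what your site actually logs. As noted above, access logs carry the query string but not POST bodies, so a payload submitted through the editor form (the first sample line) is invisible here.

```python
import re
from urllib.parse import unquote_plus

# Apache/nginx combined-format access log; only the request line is used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)

# Assumption: popup-related requests carry "popup" in the path or query
# (plugin asset paths, plugin admin screens). Adjust to your own logs.
POPUP_RE = re.compile(r"popup", re.IGNORECASE)

# Indicator patterns, applied after percent-decoding so encoded payloads match.
XSS_PATTERNS = {
    "script_tag": re.compile(r"<\s*/?\s*script\b", re.IGNORECASE),
    "event_handler": re.compile(r"\bon(?:error|load|click|mouseover|focus|toggle)\s*=", re.IGNORECASE),
    "javascript_uri": re.compile(r"javascript\s*:", re.IGNORECASE),
    "html_injection": re.compile(r"<\s*(?:img|svg|iframe|object|embed|body)\b", re.IGNORECASE),
}

# Constructed sample log lines (not real traffic). Line 1 is a POST whose body
# is not logged; line 2 is a plainly encoded payload; line 3 is double-encoded;
# lines 4 and 5 are benign.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Feb/2025:12:00:01 +0000] "POST /wp-admin/post.php HTTP/1.1" 302 0 "https://example.test/wp-admin/post.php?post=42&action=edit" "Mozilla/5.0"
203.0.113.10 - - [10/Feb/2025:12:00:07 +0000] "GET /?post_type=popup&s=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2025:12:01:15 +0000] "GET /wp-admin/edit.php?post_type=popup&s=x%2522%2520onerror%253Dalert(1) HTTP/1.1" 200 7100 "-" "curl/8.4.0"
192.0.2.44 - - [10/Feb/2025:12:02:30 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 9331 "-" "Mozilla/5.0"
192.0.2.45 - - [10/Feb/2025:12:03:00 +0000] "GET /wp-content/plugins/popup-maker/assets/js/example.js?ver=1.20.2 HTTP/1.1" 200 40210 "-" "Mozilla/5.0"
"""


def decode_target(target: str, rounds: int = 2) -> str:
    """Percent-decode a request target, repeating to unwrap double encoding.

    Stops early once a round changes nothing, so already-plain input is returned as-is.
    """
    current = target
    for _ in range(rounds):
        decoded = unquote_plus(current)
        if decoded == current:
            break
        current = decoded
    return current


def find_xss_indicators(log_text: str) -> list:
    """Return one finding per popup-related request whose decoded target carries an indicator."""
    findings = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in combined format
        target = decode_target(match["target"])
        if not POPUP_RE.search(target):
            continue  # not popup-related under the assumption above
        indicators = [name for name, pattern in XSS_PATTERNS.items() if pattern.search(target)]
        if indicators:
            findings.append({
                "ip": match["ip"],
                "timestamp": match["ts"],
                "method": match["method"],
                "target": target,
                "indicators": indicators,
            })
    return findings


if __name__ == "__main__":
    for finding in find_xss_indicators(SAMPLE_LOG):
        print(finding)
```

Feeding a real log in (for example, `find_xss_indicators(open(path).read())`) gives the same structure; the event-handler list is deliberately short to keep false positives down, so extend it with the handlers your WAF or browser telemetry actually sees.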