CVE-2026-1720
📋 TL;DR
The WowOptin WordPress plugin allows authenticated attackers with Subscriber-level access or higher to install and activate arbitrary plugins without proper authorization. This vulnerability affects all versions up to and including 1.4.24, potentially compromising any WordPress site using this plugin.
💻 Affected Systems
- WowOptin: Next-Gen Popup Maker WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could install malicious plugins that provide persistent backdoors, execute arbitrary code, steal sensitive data, or take full control of the WordPress site.
Likely Case
Attackers install plugins that create admin accounts, exfiltrate data, or deploy cryptocurrency miners on vulnerable sites.
If Mitigated
With proper access controls and monitoring, impact is limited to unauthorized plugin installations that can be detected and removed.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple. Public proof-of-concept code exists in the WordPress plugin repository changeset.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.25 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3456826/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find WowOptin plugin. 4. Click 'Update Now' if available, or manually update to version 1.4.25+. 5. Verify the plugin is updated to patched version.
🔧 Temporary Workarounds
Disable WowOptin Plugin
allTemporarily deactivate the vulnerable plugin until patched version can be installed
wp plugin deactivate wowoptin
Restrict User Registration
allDisable new user registration to prevent attackers from obtaining Subscriber accounts
Settings → General → Membership → Uncheck 'Anyone can register'
🧯 If You Can't Patch
- Remove the WowOptin plugin completely from the WordPress installation
- Implement strict access controls and monitor for unauthorized plugin installation attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → WowOptin version. If version is 1.4.24 or lower, the site is vulnerable.Check Version:
wp plugin list --name=wowoptin --field=versionVerify Fix Applied:
Verify WowOptin plugin version is 1.4.25 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- WordPress logs showing plugin installation/activation by non-admin users
- Unexpected plugin installation events in WordPress activity logs
Network Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with action=install_and_active_plugin
- Unusual outbound connections after plugin installation
SIEM Query:
source="wordpress" AND (event="plugin_installed" OR event="plugin_activated") AND user_role!="administrator"