CVE-2019-25744EPSS p6.7%

CVE-2019-25744CVE-2019-25744

Description

WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads in the post_title field that execute when pages or posts display popup selections.

Scoring

CVSS 5.4 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS0.17% probability of exploitation · percentile 6.7% · 2026-06-18T12:00:27Z
Last modified2026-06-10

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2019-25743
CVE
CVE-2025-13192
CVE
WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability
CVE
CVE-2021-47984
CVE
CVE-2025-32547
CVE
CVE-2025-68526
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.