CVE-2022-4124EPSS p18.9%

CVE-2022-4124CVE-2022-4124

popup_manager_project / popup_manager

Description

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them

Scoring

CVSS 4.3 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS0.27% probability of exploitation · percentile 18.9% · 2026-06-19T12:03:05Z
Last modified2026-06-17
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.