CVE-2026-4131 in WP Responsive Popup and Optin Plugininfo

Zusammenfassung

von MITRE • 22.04.2026

The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the settings form on the admin page (wpo_admin_page.php) lacking nonce generation (wp_nonce_field) and verification (wp_verify_nonce/check_admin_referer). This makes it possible for unauthenticated attackers to update all plugin settings including the 'wpo_image_url' parameter via a forged request, granted they can trick a site administrator into performing an action such as clicking a link.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Wordfence

Reservieren

13.03.2026

Veröffentlichung

22.04.2026

Moderieren

akzeptiert

Eintrag

VDB-358806

CPE

bereit

CWE

CWE-352 (bestätigt)

CVSS

6.1 (CNA)

EPSS

0.00012

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-4131
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-4131
CVE Details	https://www.cvedetails.com/cve/CVE-2026-4131/

◂ Zurück Übersicht Weiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!