Modal Popup Box allows Malicious Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

Modal Popup Box allows Malicious Code Execution

CVE-2025-68526

Summary

A security issue in Modal Popup Box for WordPress allows hackers to inject malicious code. This affects all versions of the plugin up to and including 1.6.1. Update to a newer version to fix the issue.

Original title

Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through <= 1.6.1.

Original description

Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through <= 1.6.1.

nvd CVSS3.1 8.8

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Plugin/modal-popup-box/vulnerability/w...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026