Popup Maker <= 1.17.1 is vulnerable to Broken Access Control

Subscriber
Published: 2023-03-12

The Popup Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_popup_enabled_state function in versions up to, and including, 1.17.1. This makes it possible for authenticated attackers with contributor-level access, and above, to enable and disable popups even when they do not have the right to edit those popups.

CVSS

Score: 3.5

Severity: Low

Version: 1.17.1

There is a patch available in v1.18.0 and we strongly recommend you update to this version as soon as possible.
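
The missing-capability-check pattern described above, next to a corrected form, as an added WordPress example that is not Popup Maker's own code. The function names, AJAX action, nonce action, post type and meta key are all hypothetical.

```php
<?php
// Added illustration: hypothetical handlers, not Popup Maker's code.
// 'example_toggle_popup', 'example_popup' and 'example_enabled' are assumed names.

// Weak form: the nonce proves the request came from a page the site rendered,
// but nothing checks that this user is allowed to edit this particular popup.
function example_toggle_popup_weak() {
    check_ajax_referer( 'example_toggle_popup', 'nonce' );

    $popup_id = absint( $_POST['popup_id'] ?? 0 );
    $enabled  = ! empty( $_POST['enabled'] ) ? 1 : 0;

    update_post_meta( $popup_id, 'example_enabled', $enabled ); // no authorization
    wp_send_json_success();
}

// Corrected form: validate the object, then authorize against that object.
function example_toggle_popup_checked() {
    // Dies with a 403 response if the nonce is missing or invalid.
    check_ajax_referer( 'example_toggle_popup', 'nonce' );

    $popup_id = absint( $_POST['popup_id'] ?? 0 );
    $post     = $popup_id ? get_post( $popup_id ) : null;

    // Refuse IDs that do not point at the expected post type.
    if ( ! $post || 'example_popup' !== $post->post_type ) {
        wp_send_json_error( array( 'message' => 'Invalid popup.' ), 400 );
    }

    // Per-object meta capability: maps to edit_posts / edit_others_posts /
    // edit_published_posts depending on the post's author and status.
    if ( ! current_user_can( 'edit_post', $popup_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    $enabled = ! empty( $_POST['enabled'] ) ? 1 : 0;
    update_post_meta( $popup_id, 'example_enabled', $enabled );
    wp_send_json_success( array( 'popup_id' => $popup_id, 'enabled' => $enabled ) );
}

// wp_ajax_{action} hooks fire for every logged-in user regardless of role,
// so the handler itself has to enforce authorization. Only the checked
// handler is registered here.
add_action( 'wp_ajax_example_toggle_popup', 'example_toggle_popup_checked' );
```

When reviewing a plugin for this class of bug, list every `wp_ajax_` and REST callback that writes data and confirm each one calls `current_user_can()` with the object ID before the write.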