CVE-2025-11370
Unauthorized Data Modification in Depicter Popup Slider Plugin
Publication date: 2026-01-06
Last updated on: 2026-01-06
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| depicter | popup_and_slider_builder | up to 4.0.7 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Popup and Slider Builder by Depicter WordPress plugin (up to version 4.0.7). It is caused by a missing capability check on the 'store' function of the RulesAjaxController class, which allows unauthenticated attackers to modify pop-up display settings without authorization.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can update pop-up display settings on a vulnerable WordPress site without authentication. This unauthorized modification could lead to unwanted or malicious pop-ups being shown to site visitors, potentially impacting user experience or enabling further attacks such as phishing or malware distribution.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by monitoring for unauthorized POST requests to the AJAX endpoint behind the 'store' function of the RulesAjaxController class in the Depicter plugin, that is, HTTP POST requests to AJAX routes that update popup display settings without proper authentication. With a command-line tool such as curl or wget you can attempt to reproduce or detect unauthorized access against your own site. For example, a command to test might be: `curl -X POST -d 'parameters' 'https://yourwordpresssite.com/wp-admin/admin-ajax.php?action=store'` (adjusting parameters as needed). Additionally, monitoring web server logs for suspicious POST requests to Depicter AJAX endpoints that carry no valid authentication tokens or cookies can help detect exploitation attempts. [1, 2, 4]
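The log review described above can be scripted; the following is an added example, not code from the advisory or the plugin. It assumes an access log in combined format with a trailing `auth=0|1` field (a hypothetical field the server sets when a `wordpress_logged_in_*` cookie is present), and that the plugin's AJAX action names contain the substring `depicter`; the sample lines and action names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed format: combined log plus a trailing auth=0|1 field that the server
# sets to 1 when the request carries a wordpress_logged_in_* cookie.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "[^"]*")?(?: auth=(?P<auth>[01]))?'
)
ACTION_MARKER = "depicter"  # assumption: substring of the plugin's action names

# Constructed sample lines; the action names are placeholders, not real routes.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Jan/2026:10:01:02 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=depicter-example-store HTTP/1.1" 200 57 "-" "curl/8.5.0" auth=0',
    '198.51.100.20 - - [06/Jan/2026:10:02:10 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=depicter-example-store HTTP/1.1" 200 57 "-" "Mozilla/5.0" auth=1',
    '192.0.2.44 - - [06/Jan/2026:10:04:00 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=heartbeat HTTP/1.1" 200 40 "-" "Mozilla/5.0" auth=0',
]


def suspicious_requests(lines, marker=ACTION_MARKER):
    """Unauthenticated POSTs to admin-ajax.php whose action contains marker."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # Only query-string actions are visible here; an action sent in the
        # POST body never reaches the access log.
        actions = [a for a in parse_qs(url.query).get("action", [])
                   if marker in a.lower()]
        if not actions or m["auth"] == "1":
            continue  # unrelated action, or a logged-in session
        # A missing auth field counts as unauthenticated (fail towards alerting).
        hits.append({"ip": m["ip"], "time": m["ts"],
                     "action": actions[0], "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A 200 response on a flagged line deserves a closer look than a 401 or 403, since a patched site should reject the unauthenticated request.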
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Depicter Popup and Slider Builder plugin to a version later than 4.0.7 where the missing capability check on the 'store' function has been fixed. If an update is not immediately available, restrict access to the AJAX endpoints by implementing additional authentication or firewall rules to block unauthenticated POST requests to these endpoints. Also, review and apply any security patches or middleware updates that enforce capability checks and CSRF protection, as indicated by recent changes adding 'depicter-editor' middleware and capability checks to AJAX routes. [4]