CVE-2025-68526
Awaiting Analysis Awaiting Analysis - Queue
Deserialization Object Injection in Modal Popup Box

Publication date: 2026-02-20

Last updated on: 2026-02-24

Assigner: Patchstack

Description
Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through <= 1.6.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-24
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68526
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
patchstack modal_popup_box From 1.0.0 (inc) to 1.6.1 (inc)
wp_life modal_popup_box to 1.6.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability affects the WordPress Modal Popup Box Plugin versions up to and including 1.6.1. Detection involves identifying if this vulnerable plugin version is installed on your WordPress site.'}, {'type': 'paragraph', 'content': 'You can check the installed plugin version by accessing your WordPress admin dashboard or by running commands on the server hosting the WordPress site.'}, {'type': 'list_item', 'content': 'Use WP-CLI to check the plugin version: wp plugin list | grep modal-popup-box'}, {'type': 'list_item', 'content': "Manually check the plugin version in the plugin's main PHP file, usually located at wp-content/plugins/modal-popup-box/"}, {'type': 'paragraph', 'content': 'Additionally, Patchstack provides an automatic mitigation rule that can detect and block attacks targeting this vulnerability, which can be used as a detection mechanism if you are using their security tools.'}] [1]

Executive Summary

CVE-2025-68526 is a PHP Object Injection vulnerability found in the WordPress Modal Popup Box Plugin versions up to and including 1.6.1.

This vulnerability occurs due to deserialization of untrusted data, which allows an attacker to inject malicious PHP objects.

Exploiting this vulnerability can lead to various attacks such as code injection, SQL injection, path traversal, denial of service, and others if a suitable PHP Object Injection (POP) chain is available.

The issue is classified under the OWASP Top 10 category A3: Injection.

Impact Analysis

If exploited, this vulnerability can allow a malicious actor to execute arbitrary code, perform SQL injection, traverse paths, cause denial of service, and potentially carry out other attacks.

Such impacts can compromise the security and integrity of your WordPress site, leading to data breaches, service disruptions, and unauthorized access.

Exploitation requires contributor or developer privileges, which means an attacker needs some level of access to the system to leverage this vulnerability.

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The primary mitigation step is to update the Modal Popup Box Plugin to version 1.6.2 or later, where the vulnerability has been patched.'}, {'type': 'paragraph', 'content': "Until you can update the plugin, you can use Patchstack's automatic mitigation rule to block attacks targeting this vulnerability."}, {'type': 'paragraph', 'content': 'If you are a Patchstack user, enabling auto-updates specifically for vulnerable plugins can help ensure protection.'}, {'type': 'paragraph', 'content': 'It is also recommended to review user privileges, as exploitation requires contributor or developer privileges.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68526. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart