CVE-2025-68526
Deserialization Object Injection in Modal Popup Box
Publication date: 2026-02-20
Last updated on: 2026-02-24
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | modal_popup_box | From 1.0.0 (inc) to 1.6.1 (inc) |
| wp_life | modal_popup_box | to 1.6.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability affects the WordPress Modal Popup Box Plugin versions up to and including 1.6.1. Detection involves identifying if this vulnerable plugin version is installed on your WordPress site.'}, {'type': 'paragraph', 'content': 'You can check the installed plugin version by accessing your WordPress admin dashboard or by running commands on the server hosting the WordPress site.'}, {'type': 'list_item', 'content': 'Use WP-CLI to check the plugin version: wp plugin list | grep modal-popup-box'}, {'type': 'list_item', 'content': "Manually check the plugin version in the plugin's main PHP file, usually located at wp-content/plugins/modal-popup-box/"}, {'type': 'paragraph', 'content': 'Additionally, Patchstack provides an automatic mitigation rule that can detect and block attacks targeting this vulnerability, which can be used as a detection mechanism if you are using their security tools.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
CVE-2025-68526 is a PHP Object Injection vulnerability found in the WordPress Modal Popup Box Plugin versions up to and including 1.6.1.
This vulnerability occurs due to deserialization of untrusted data, which allows an attacker to inject malicious PHP objects.
Exploiting this vulnerability can lead to various attacks such as code injection, SQL injection, path traversal, denial of service, and others if a suitable PHP Object Injection (POP) chain is available.
The issue is classified under the OWASP Top 10 category A3: Injection.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow a malicious actor to execute arbitrary code, perform SQL injection, traverse paths, cause denial of service, and potentially carry out other attacks.
Such impacts can compromise the security and integrity of your WordPress site, leading to data breaches, service disruptions, and unauthorized access.
Exploitation requires contributor or developer privileges, which means an attacker needs some level of access to the system to leverage this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'The primary mitigation step is to update the Modal Popup Box Plugin to version 1.6.2 or later, where the vulnerability has been patched.'}, {'type': 'paragraph', 'content': "Until you can update the plugin, you can use Patchstack's automatic mitigation rule to block attacks targeting this vulnerability."}, {'type': 'paragraph', 'content': 'If you are a Patchstack user, enabling auto-updates specifically for vulnerable plugins can help ensure protection.'}, {'type': 'paragraph', 'content': 'It is also recommended to review user privileges, as exploitation requires contributor or developer privileges.'}] [1]