Unauthorized Data Modification Vulnerability in Popup Builder by WordPress
CVE-2025-14446
6.5MEDIUM
What is CVE-2025-14446?
The Popup Builder (Easy Notify Lite) plugin for WordPress contains a security flaw that allows authenticated attackers with Subscriber-level access or higher to tamper with its settings. This is due to a lack of a capability check in the easynotify_cp_reset() function, which allows for unauthorized resetting of plugin configurations to default values. This vulnerability threatens the integrity of user data and the intended functionality of the plugin, making it imperative for users to review their security measures.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Popup Builder * <= 1.1.37
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Athiwat Tiprasaharn