Cross-Site Request Forgery in Ays Pro Popup Box by WordPress
CVE-2025-69021

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Popup Box
Vendor: CVE Published:; 30 December 2025

What is CVE-2025-69021?

A critical vulnerability exists in the Ays Pro Popup Box plugin that allows attackers to perform actions on behalf of authenticated users without their consent. This CSRF issue affects versions up to and including 6.0.7, which could potentially expose user data and compromise site integrity. Proper mitigation strategies must be implemented to safeguard against unauthorized requests that exploit this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Popup box <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/ays-popu...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 30, 2025
Vulnerability Reserved
Dec 29, 2025

Credit

Doan Dinh Van | Patchstack Bug Bounty Program

JSON

WordPress