Cross-Site Request Forgery in Ays Pro Popup Box by WordPress
CVE-2025-69021

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Popup Box
Vendor: CVE Published:; 30 December 2025

What is CVE-2025-69021?

A critical vulnerability exists in the Ays Pro Popup Box plugin that allows attackers to perform actions on behalf of authenticated users without their consent. This CSRF issue affects versions up to and including 6.0.7, which could potentially expose user data and compromise site integrity. Proper mitigation strategies must be implemented to safeguard against unauthorized requests that exploit this vulnerability.

Affected Version(s)

Popup box 0 <= 6.0.7

References

https://patchstack.com/database/Wordpress/Plugin/ays-popu...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2025
Vulnerability Reserved
Dec 29, 2025

Credit

Doan Dinh Van | Patchstack Bug Bounty Program

CVE-2025-69021 Data

JSON