Cross-Site Request Forgery in WP Responsive Popup + Optin Plugin for WordPress
CVE-2026-4131

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: WP Responsive Popup + Optin
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-4131?

The WP Responsive Popup + Optin plugin for WordPress is susceptible to a Cross-Site Request Forgery vulnerability caused by the absence of nonce validation on the admin settings form. Attackers can exploit this weakness by tricking an administrator into performing unintended actions, which could lead to unauthorized changes to the plugin settings, including vital parameters such as the 'wpo_image_url'. This vulnerability impacts all versions up to and including version 1.4.

Affected Version(s)

WP Responsive Popup + Optin 0 <= 1.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wp-popup-optin...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 13, 2026

Credit

Muhammad Nur Ibnu Hubab

CVE-2026-4131 Data

JSON