Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Solid Responsive Modal Builder for High Conversion – Easy Popups easy-popups allows Reflected XSS.This issue affects Responsive Modal Builder for High Conversion – Easy Popups: from n/a through <= 1.5.0.
Published: 2025-02-22
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The plugin fails to properly escape script tags in user‑generated popup content, enabling a reflected XSS attack. An attacker could deliver malicious JavaScript that executes in the context of any site visitor who views the popup. This could result in session hijacking, credential theft, defacement, or redirection to phishing sites. The weakness is a classic CWE‑79 flaw.

Affected Systems

The vulnerability is limited to the WordPress plugin Rock Solid Responsive Modal Builder for High Conversion – Easy Popups, affecting all releases up to and including version 1.5.0. No specific operating system or underlying platform restrictions are mentioned; it applies to any WordPress deployment that utilizes the plugin.

Risk and Exploitability

With a CVSS score of 7.1 the vulnerability is considered high severity. The EPSS score indicates a very low probability of exploitation at the time of this analysis, and it is not listed in the CISA KEV catalog. Because the flaw is a reflected XSS, an attacker only needs to supply malicious input that ends up rendered in the popup, which can be achieved through the plugin’s content editor or through crafted URLs. No special privileges or user interaction beyond viewing the affected page are required.

Generated by OpenCVE AI on May 1, 2026 at 15:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Easy Popups to the latest version that addresses the XSS issue (any release newer than 1.5.0).
  • If an update is not immediately possible, disable the plugin or remove all popup content that could contain untrusted input until the update is applied.
  • After the update, review existing popup content to ensure no embedded script tags remain, and configure the plugin’s content fields to enforce strict sanitization.

Generated by OpenCVE AI on May 1, 2026 at 15:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-4432 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Solid Responsive Modal Builder for High Conversion – Easy Popups allows Reflected XSS. This issue affects Responsive Modal Builder for High Conversion – Easy Popups: from n/a through 1.5.0.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Solid Responsive Modal Builder for High Conversion – Easy Popups allows Reflected XSS. This issue affects Responsive Modal Builder for High Conversion – Easy Popups: from n/a through 1.5.0. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Solid Responsive Modal Builder for High Conversion – Easy Popups easy-popups allows Reflected XSS.This issue affects Responsive Modal Builder for High Conversion – Easy Popups: from n/a through <= 1.5.0.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Mon, 24 Feb 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 22 Feb 2025 16:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Solid Responsive Modal Builder for High Conversion – Easy Popups allows Reflected XSS. This issue affects Responsive Modal Builder for High Conversion – Easy Popups: from n/a through 1.5.0.
Title WordPress Responsive Modal Builder for High Conversion – Easy Popups plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:40.734Z

Reserved: 2025-02-14T06:53:43.229Z

Link: CVE-2025-26774

cve-icon Vulnrichment

Updated: 2025-02-24T12:27:21.480Z

cve-icon NVD

Status : Deferred

Published: 2025-02-22T16:15:32.060

Modified: 2026-04-23T15:25:57.510

Link: CVE-2025-26774

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T16:00:16Z

Weaknesses