Damian WP Popups CVE-2026-24616
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.3.
AnalysisAI
Damian WP Popups plugin for WordPress versions up to 2.2.0.3 contains an authorization bypass that allows authenticated users to access sensitive information through improperly configured access controls. An attacker with low-privilege WordPress credentials could exploit this to read confidential data without proper authorization. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects Damian WP Popups wp-popups-lite. Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.3.
Affected ProductsAI
Product: Damian WP Popups wp-popups-lite.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today