Skip to main content

Wp Magnific Popup

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-7850 MEDIUM POC This Month

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks against any visiting user.

XSS WordPress Wp Magnific Popup
NVD WPScan
CVSS 3.1
5.9
EPSS
0.2%
CVE-2026-7850
EPSS 0% CVSS 5.9
MEDIUM POC This Month

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks against any visiting user.

XSS WordPress Wp Magnific Popup
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy