CVE-2025-11370

Description

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the store function of the RulesAjaxController class in all versions up to, and including, 4.0.7. This makes it possible for unauthenticated attackers to update pop-up display settings.