{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T12:40:24.017","vulnerabilities":[{"cve":{"id":"CVE-2025-11370","sourceIdentifier":"security@wordfence.com","published":"2026-01-06T04:15:51.430","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the RulesAjaxController class in all versions up to, and including, 4.0.7. This makes it possible for unauthenticated attackers to update pop-up display settings."},{"lang":"es","value":"El plugin Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel para WordPress es vulnerable a la modificación no autorizada de datos debido a una falta de verificación de capacidad en la función 'store' de la clase RulesAjaxController en todas las versiones hasta la 4.0.7, inclusive. Esto hace posible que atacantes no autenticados actualicen la configuración de visualización de los pop-ups."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/nguy3nB4oo11/depicter-vuln-repro/blob/main/RulesAjaxController.php","source":"security@wordfence.com"},{"url":"https://github.com/nguy3nB4oo11/depicter-vuln-repro/blob/main/ajax.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3428118/depicter/trunk/app/routes/ajax.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d35faf39-4882-4393-9b77-57dc45ac9d04?source=cve","source":"security@wordfence.com"}]}}]}