CVE-2025-9490
Published
CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.20.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
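A triage check for the affected range stated above, as an added example that is not part of the advisory or the plugin's own code: it reads the `Version` header from a copy of the plugin's main PHP file and compares it numerically with 1.20.6. The sample header is constructed, and because the advisory names no fixed release, anything above 1.20.6 is reported only as outside the stated range.

```python
import re

# Last affected release named in the advisory text (the range is inclusive).
LAST_AFFECTED = (1, 20, 6)

# A "Version:" header line in a plugin's main PHP file, allowing the usual
# comment prefixes (" * ", "//", "#") in front of the key.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version[ \t]*:[ \t]*(.*?)[ \t\r]*$", re.I | re.M)

# Constructed sample of a main plugin file header (not copied from the plugin).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Popup Maker
 * Version: 1.20.6
 */
"""


def plugin_version(php_source):
    """Return the first Version header value near the top of the file, or None."""
    match = VERSION_RE.search(php_source[:8192])
    return match.group(1) if match else None


def version_tuple(version):
    """Leading dotted-numeric part as a tuple of ints; None if there is none."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", version or "")
    return tuple(int(p) for p in match.group(1).split(".")) if match else None


def is_affected(version):
    """True or False against the advisory range; None if the version is unreadable."""
    parts = version_tuple(version)
    if parts is None:
        return None
    width = max(len(parts), len(LAST_AFFECTED))
    pad = lambda t: t + (0,) * (width - len(t))
    # Compare numerically per component: as strings, "1.9" would sort after "1.20.6".
    return pad(parts) <= pad(LAST_AFFECTED)


def triage(php_source):
    """Classify one install as 'affected', 'outside-range' or 'unknown'."""
    verdict = is_affected(plugin_version(php_source))
    if verdict is None:
        return "unknown"  # no parseable version: inspect by hand
    return "affected" if verdict else "outside-range"


if __name__ == "__main__":
    print(plugin_version(SAMPLE_HEADER), triage(SAMPLE_HEADER))
```

An install reported as `unknown` has no readable version header and needs manual inspection rather than being treated as safe.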
<h3>📈 Drive More Sales, Leads & Email List Opt-Ins Using Popup Maker</h3>
<p><strong>Popup Maker™</strong>, rated as the <strong><a href="https://wppopupmaker.com/conversion-optimization/best-wordpress-popup-plugins/" rel="nofollow ugc">best WordPress popup plugin</a></strong> by our community of 780,000+ users, empowers you to create stunning popups, modals, and overlays in minutes. Whether you’re a beginner or a pro, our versatile toolkit makes it easy to boost your WordPress site’s engagement.</p>
<p>Transform your WordPress site into a conversion powerhouse! Create targeted campaigns using popups, exit-intent forms, slide-ins, and smart banners to skyrocket your revenue and build your email list faster than ever.</p>
<blockquote>
<p><strong>We switched to Popup Maker for our popups and couldn’t be happier.</strong></p>
<p>“We recommend it to all our clients too. Popup Maker is an essential piece of our website for maximizing growing our email list, increasing sales conversions, and guiding users with strategic calls to action. Great support too.”</p>
<p>~ <strong>Chris Badgett, LifterLMS CEO</strong></p>
</blockquote>
<h4>🔥 Ready to get started?</h4>
<p>👉 <a href="https://wppopupmaker.com/?utm_campaign=readme&utm_medium=referral&utm_source=readme-description&utm_content=main-site-link" rel="nofollow ugc">Visit Our Website</a> – Explore all features & pricing<br />
👉 <a href="https://wppopupmaker.com/community/?utm_campaign=readme&utm_medium=referral&utm_source=readme-description&utm_content=community" rel="nofollow ugc">Join Our Conversion Optimization Community</a> – Share strategies & learn from experts<br />
👉 <a href="https://wppopupmaker.com/docs/category/using-popup-maker/?utm_campaign=readme&utm_medium=referral&utm_source=readme-description&utm_content=user-guide" rel="nofollow ugc">Read Our Guides</a> – Learn popup best practices<br />
👉 <a href="https://wppopupmaker.com/support/?utm_campaign=readme&utm_medium=referral&utm_source=readme-description&utm_content=support" rel="nofollow ugc">Get Help</a> – World-class support when you need it</p>
<h3>🎬 See What’s Possible with Popup Maker</h3>
<p><a href="https://www.youtube.com/watch?v=PomnMganMVM" rel="nofollow ugc">Stunning examples of what you can create in Popup Maker <strong>(View Video)</strong></a></p>
<h3>🛠️ Ultimate WordPress Popup Builder: Every Type of Conversion Popup at Your Fingertips</h3>
<p>With Popup Maker, you have the ultimate popup builder toolkit at your disposal. Create any type of popup in minutes:</p>
<ul>
<li>Email opt-in popups,</li>
<li>Exit-Intent popups,</li>
<li>Lead generation popups,</li>
<li>Subscription list popups,</li>
<li>Content upgrade popups,</li>
<li>Ecommerce popups,</li>
<li>Contact form popups,</li>
<li>Urgent site-wide announcements and notification banners,</li>
<li><a href="https://ninjaforms.com/blog/eu-cookie-notices-ninja-forms/" rel="nofollow ugc">EU cookie notices</a>,</li>
<li>Popups to greet visitors from ProductHunt (requires <a href="https://wppopupmaker.com/pricing/?utm_campaign=readme&utm_medium=referral&utm_source=readme-description&utm_content=example-popups&utm_term=greet-producthunt" rel="nofollow ugc">Popup Maker Pro</a>),</li>
<li>WooCommerce & Easy Digital Downloads upsell popups (requires <a href="https://wppopupmaker.com/pricing/?utm_campaign=readme&utm_medium=referral&utm_source=readme-description&utm_content=example-popups&utm_term=woocommerce-upsells" rel="nofollow ugc">Popup Maker Pro+</a>),</li>
<li>WooCommerce & Easy Digital Downloads cross-sell popups (requires <a href="https://wppopupmaker.com/pricing/?utm_campaign=readme&utm_medium=referral&utm_source=readme-description&utm_content=example-popups&utm_term=woocommerce-crosssells" rel="nofollow ugc">Popup Maker Pro+</a>),</li>
<li>Cart abandonment popups — recover lost sales with targeted offers at checkout (requires <a href="https://wppopupmaker.com/pricing/?utm_campaign=readme&utm_medium=referral&utm_source=readme-description&utm_content=example-popups&utm_term=cart-abandonment" rel="nofollow ugc">Popup Maker Pro+</a>),</li>
<li>LifterLMS course enrollment popups — convert visitors directly into enrolled students (requires <a href="https://wppopupmaker.com/pricing/?utm_campaign=readme&utm_medium=referral&utm_source=readme-description&utm_content=example-popups&utm_term=lifterlms-enrollment" rel="nofollow ugc">Popup Maker Pro+</a>),</li>
<li>& more.</li>
</ul>
<blockquote>
<p><strong>Even the free version is great</strong><br />
“Does exactly what it says and is easy to use. Free version allows full control of where popup appears, how it looks and setting conditions for popup reappearing across website.”<br />
~<a href="https://wordpress.org/support/topic/even-the-free-version-is-great-2/" rel="ugc">@rsb1234</a></p>
</blockquote>
<h3>🔑 Trigger Popups with Ease: Multiple Ways to Open Your Popups</h3>
<p>Popup Maker offers a variety of triggers to open your popups:</p>
<ul>
<li>Open automatically (with optional delay)</li>
<li>Click button (or any other element) to open</li>
<li>Form submission (open a popup when a form is submitted)</li>
<li>Open when someone is about to leave your site (requires <a href="https://wppopupmaker.com/pricing/?utm_campaign=readme&utm_medium=referral&utm_source=readme-description&utm_content=triggers&utm_term=exit-intent" rel="nofollow ugc">Popup Maker Pro</a>)</li>
<li>Open when someone has scrolled down your page (requires <a href="https://wppopupmaker.com/pricing/?utm_campaign=readme&utm_medium=referral&utm_source=readme-description&utm_content=triggers&utm_term=scroll" rel="nofollow ugc">Popup Maker Pro</a>)</li>
</ul>
<h3>🎯 Smart Popup Targeting: Deliver the Perfect Message to Every Visitor</h3>
<p>Never show irrelevant popups again! Our powerful targeting system ensures your messages reach exactly who needs to see them, when they need to see them. From basic page targeting to advanced user behavior conditions, you have complete control over your popup’s visibility.</p>
<h4>Free Targeting Options:</h4>
<ul>
<li>Target specific posts, pages, or custom post types</li>
<li>Target by post categories or tags, & custom taxonomies</li>
<li>Front page vs blog page targeting</li>
</ul>
<h4>Premium Targeting Features:</h4>
<ul>
<li>Advanced user behavior targeting</li>
<li>Show on specific URLs or URL patterns</li>
<li>Show/hide based on user roles</li>
<li>Geolocation targeting</li>
<li>Browser & OS targeting</li>
<li>Time & date scheduling</li>
<li>Page scroll depth targeting</li>
<li>User login status</li>
<li>Previous popup interactions</li>
<li>Ecommerce purchasing & cart rules</li>
<li>Advanced custom taxonomy targeting</li>
<li>Referrer source targeting</li>
</ul>
<h3>🔑 Integrate with Your Favorite Form Plugins</h3>
<p>Popup Maker integrates with all of the most popular form plugins to allow you to open a popup when a form is submitted or close the popup when a form inside the popup is submitted. Popup Maker integrates with:</p>
<h4>Form Plugin Integrations:</h4>
<ul>
<li><a href="https://wppopupmaker.com/form-integrations/ninja-forms/" rel="nofollow ugc">Ninja Forms</a> – powerful drag & drop form builder</li>
<li><a href="https://wppopupmaker.com/form-integrations/gravity-forms/" rel="nofollow ugc">Gravity Forms</a> – advanced WordPress forms with conditional logic</li>
<li><a href="https://wppopupmaker.com/form-integrations/contact-form-7/" rel="nofollow ugc">Contact Form 7</a> (CF7) – simple contact forms</li>
<li><a href="https://wppopupmaker.com/form-integrations/wpforms/" rel="nofollow ugc">WPForms</a> – beginner-friendly form plugin with templates</li>
<li><a href="https://wppopupmaker.com/form-integrations/ws-forms/" rel="nofollow ugc">WSForm</a> – professional form builder with advanced features</li>
<li><a href="https://wppopupmaker.com/form-integrations/fluent-forms/" rel="nofollow ugc">Fluent Forms</a> – conversational forms with multi-step layouts</li>
<li><a href="https://wppopupmaker.com/form-integrations/mailchimp-for-wordpress/" rel="nofollow ugc">Mailchimp for WordPress</a> (MC4WP) – newsletter signup forms</li>
<li><a href="https://wppopupmaker.com/form-integrations/formidable-forms/" rel="nofollow ugc">Formidable Forms</a> – advanced form builder with database views</li>
<li><a href="https://wppopupmaker.com/form-integrations/forminator/" rel="nofollow ugc">Forminator</a> – free form builder by WPMU DEV</li>
<li><a href="https://wppopupmaker.com/form-integrations/elementor-pro-forms/" rel="nofollow ugc">Elementor Pro Forms</a> – native form builder for Elementor page builder</li>
<li><a href="https://wppopupmaker.com/form-integrations/happyforms/" rel="nofollow ugc">HappyForms</a> – free drag-and-drop form builder with live preview</li>
<li><a href="https://wppopupmaker.com/form-integrations/kali-forms/" rel="nofollow ugc">Kali Forms</a> – Gutenberg-native form builder with block editor support</li>
<li><a href="https://wppopupmaker.com/form-integrations/bit-form/" rel="nofollow ugc">Bit Form</a> – lightweight form builder with custom post type storage</li>
<li><a href="https://wppopupmaker.com/form-integrations/html-forms/" rel="nofollow ugc">HTML Forms</a> – simple, lightweight form builder with no bloat</li>
<li><a href="https://wppopupmaker.com/form-integrations/beaver-builder/" rel="nofollow ugc">Beaver Builder Forms</a> – contact, subscribe, and login forms for Beaver Builder page builder</li>
<li><a href="https://wppopupmaker.com/email-marketing-integrations/the-newsletter-plugin/" rel="nofollow ugc">Newsletter</a> – thenewsletterplugin.com integration with AJAX submission support</li>
<li>and more!</li>
</ul>
<h4>Email Marketing & CRM Integrations:</h4>
<p>Already created a form in your email marketing service? Using our free version, you can copy and paste any form created by most list building platforms, including but not limited to:</p>
<ul>
<li>MailChimp</li>
<li>AWeber</li>
<li>Infusionsoft</li>
<li>GetResponse</li>
<li>ConvertKit</li>
<li>Constant Contact</li>
<li>MailPoet</li>
<li>Mad Mimi</li>
<li>FluentCRM</li>
<li>HubSpot</li>
<li>Emma</li>
<li>and more!</li>
</ul>
<h3>⚙️ Advanced Popup Controls: Customize Every Aspect of Your Popups</h3>
<p>Take complete control of your popups with our powerful customization features:</p>
<ul>
<li><strong>Visual Popup Editor</strong> – Design beautiful popups with our intuitive drag & drop editor. Control sizing, positioning, animations, and more</li>
<li><strong>Smart Display Rules</strong> – Set cookie-based display frequency to prevent popup fatigue and improve user experience</li>
<li><strong>Custom Animations</strong> – Choose from slide, fade, and other engaging entrance/exit animations</li>
<li><strong>Mobile-First Design</strong> – Every popup is fully responsive and looks great on all devices</li>
<li><strong>Custom Positioning</strong> – Place your popups exactly where you want them – centered, corners, or custom positions</li>
<li><strong>Cookie Controls</strong> – Fine-tune when and how often visitors see your popups with advanced cookie settings</li>
</ul>
<h3>👍 Trusted by many people just like you!</h3>
<p>Popup Maker is used on over 780,000 websites and has received over 4,300 5-star reviews just like this one:</p>
<blockquote>
<p><strong>Great plugin, everything I needed</strong><br />
“Really nice plugin, simple to use, responsive, a good catch !” ~<a href="https://wordpress.org/support/topic/great-plugin-everything-i-needed/" rel="ugc">@lemmmy</a></p>
</blockquote>
<h3>🚀 Go Further with Popup Maker Pro & Pro+</h3>
<p>Stop settling for basic conversion tracking. Popup Maker is the <strong>only WordPress popup plugin with complete revenue attribution</strong> — see exactly how much money each popup generates, not just clicks and email captures.</p>
<p><strong>No monthly fees. Your data stays on your server. No traffic limits. Ever.</strong></p>
<blockquote>
<p>Compare to the alternatives: OptinMonster starts at $108/year. Privy starts at $288/year. Justuno starts at $228/year. None of them give you complete revenue attribution or WordPress-native data ownership.</p>
</blockquote>
<h4>⚡ Popup Maker Pro — $99/year</h4>
<p>Everything serious marketers need to drive and measure results:</p>
<ul>
<li><strong>Exit Intent</strong> — Recover abandoning visitors with perfectly timed offers before they leave</li>
<li><strong>Popup Analytics</strong> — Track views, clicks, and conversions with a full reporting dashboard</li>
<li><strong>Advanced Targeting</strong> — Target by user behavior, referral source, scroll depth, geolocation, browser, OS, user role, login status, and more</li>
<li><strong>Scheduling</strong> — Display time-sensitive offers automatically at the perfect moment</li>
<li><strong>Forced Interaction</strong> — Ensure critical messages are acknowledged before users continue</li>
<li><strong>Call to Action Management</strong> — Create, track, and export unlimited trackable CTAs with conversion reporting</li>
<li><strong>Bulk Operations</strong> — Enable, disable, duplicate, and manage multiple popups at once</li>
<li><strong>Export / Import</strong> — Replicate winning campaigns across sites in seconds</li>
<li><strong>FluentCRM Integration</strong> — Tag contacts, add to lists, and trigger automations on popup conversion</li>
<li><strong>Scroll Trigger</strong> — Fire popups when visitors reach a specific scroll depth</li>
</ul>
<h4>🏆 Popup Maker Pro+ — $249/year</h4>
<p>Everything in Pro, plus industry-specific power for ecommerce and education businesses:</p>
<ul>
<li><strong>Complete Revenue Attribution</strong> — Track actual sales generated by each popup, from interaction through final purchase. See that a specific popup generated $5,000 in revenue this month.</li>
<li><strong>WooCommerce Integration</strong> — Add to cart, apply discounts, trigger upsells, cross-sells, and cart abandonment recovery, and track purchase revenue per popup campaign</li>
<li><strong>Easy Digital Downloads Integration</strong> — Add to cart, apply discounts, trigger upsells and cross-sells, and track purchase revenue per popup campaign — full feature parity with WooCommerce</li>
<li><strong>LifterLMS Integration</strong> — Enroll students, award achievements, apply discounts, and track enrollment revenue per popup</li>
<li><strong>Advanced Revenue Reporting</strong> — Attribution reports showing real dollars earned per campaign, popup, and CTA</li>
</ul>
<p>👉 <a href="https://wppopupmaker.com/pricing/?utm_campaign=readme&utm_medium=referral&utm_source=readme-description&utm_content=pro-plus-section&utm_term=compare-plans" rel="nofollow ugc">Compare Plans & Pricing</a></p>
<h3>🤝 Join Our Growing Community</h3>
<p>We believe in making Popup Maker better together! Here’s how you can get involved:</p>
<ul>
<li>📚 <a href="https://wppopupmaker.com/docs/?utm_campaign=readme&utm_medium=referral&utm_source=readme-description&utm_content=questions&utm_term=documentation" rel="nofollow ugc">Read Our Documentation</a> – Comprehensive guides and tutorials</li>
<li>💬 <a href="https://wppopupmaker.com/support/?utm_campaign=readme&utm_medium=referral&utm_source=readme-description&utm_content=questions&utm_term=support" rel="nofollow ugc">Get Premium Support</a> – Our team is here to help</li>
<li>🌟 <a href="https://wppopupmaker.com/community/?utm_campaign=readme&utm_medium=referral&utm_source=readme-description&utm_content=community" rel="nofollow ugc">Join Our Community</a> – Share strategies & learn from experts</li>
<li>💻 <a href="https://github.com/PopupMaker/Popup-Maker" rel="nofollow ugc">Contribute on GitHub</a> – Help improve the code</li>
<li>🌍 <a href="https://translate.wordpress.org/projects/wp-plugins/popup-maker" rel="nofollow ugc">Help with Translations</a> – Make the <strong>best WordPress popup plugin</strong> accessible in your language</li>
<li>⭐ <a href="https://wordpress.org/support/plugin/popup-maker/reviews/#new-post" rel="ugc">Leave a Review</a> – Share your experience with others</li>
</ul>
<h3>Created by Code Atlantic</h3>
<p>Popup Maker is built by the <a href="https://code-atlantic.com" rel="nofollow ugc">Code Atlantic</a> team. We create high-quality WordPress plugins that help you grow.</p>
<p>Check out some of our most popular plugins:</p>
<ul>
<li><a href="https://contentcontrolplugin.com/" rel="nofollow ugc">Content Control</a> – Restrict Access to Pages and Posts</li>
<li><a href="https://wordpress.org/plugins/user-menus/" rel="ugc">User Menus</a> – Show Or Hide Menu Items For Different Users</li>
</ul>