CVE-2025-13307
Summary
The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set (edit_pages capability). The conditions are then executed as part of an eval statement executed on every site page. This leads to remote code execution.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- HIGH
- HIGH
- HIGH
References
Advisory Timeline
- Published
