MEDIUM
WP Magnific Popup
CVE published 2026-06-17
CVE-2026-7850
The WP Magnific Popup WordPress plugin through 1.0 has a Stored Cross-Site Scripting vulnerability. This allows authenticated attackers with Author-level access or above to perform attacks against any visiting user. The vulnerability exists due to improper escaping of user-controlled link URLs before injecting them into the DOM when displaying image load error messages. Users of WP Magnific Popup WordPres [truncated]