CVE-2025-24746
WordPress Popup Maker plugin <= 1.20.2 - Cross Site Scripting (XSS) vulnerabilityImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Iser Popup Maker popup-maker allows Stored XSS.This issue affects Popup Maker: from n/a through <= 1.20.2.
We have discovered 47,451 live websites that are affected by CVE-2025-24746.
Affected Software
| Product |  Popup Maker |
| Category | Wordpress Plugins |
| Vulnerable Domains | 47,451 live websites (29% of Popup Maker install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 105 versions ( 91% of all versions) |
Details
- Published - Jan 24, 2025
- Updated - Apr 1, 2026
Credits
- savphill | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-24746 United States | 11,392 websites |
 Russia | 6,978 websites |
 Germany | 3,518 websites |
 Italy | 2,404 websites |
 France | 2,165 websites |
 GB | 1,499 websites |
 Poland | 1,301 websites |
 India | 1,248 websites |
 Spain | 1,199 websites |
 Ukraine | 1,074 websites |
Website Distribution by TLD
Number of websites using CVE-2025-24746| .com | 17,352 websites |
| .ru | 5,606 websites |
| .de | 1,897 websites |
| .it | 1,755 websites |
| .org | 1,750 websites |
| .com.au | 977 websites |
| .pl | 973 websites |
| .fr | 926 websites |
| .co.uk | 860 websites |
| .net | 795 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-24746
Top websites that are affected by CVE-2025-24746. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com | United States | *,*** | |
| ****************.com | United States | **,*** | |
| **********.**.il |  Israel | **,*** | |
| ********.com | United States | **,*** | |
| **************.ca |  Canada | **,*** | |
| ********.com | United States | **,*** | |
| *********.fr | GB | **,*** | |
| ***************.org | United States | **,*** | |
| **************.org | United States | **,*** | |
| *******.com | United States | **,*** |
FAQ
A total of 47,451 websites have been identified as vulnerable to CVE-2025-24746, based on global website indexing conducted by WebTechSurvey.
The Popup Maker is affected by the CVE-2025-24746 vulnerability.
Popup Maker versions up to and including 1.20.2 are vulnerable to CVE-2025-24746.