CVE-2025-53993: 
WordPress vulnerability analysis and mitigation

The JetPopup WordPress plugin versions 2.0.15 and below were found to contain an authenticated information disclosure vulnerability, identified as CVE-2025-53993. The vulnerability was discovered by researcher stealthcopter and publicly disclosed on July 16, 2025. This security issue affects the JetPopup plugin, a WordPress extension developed by Crocoblock (Patchstack).

The vulnerability has been assigned a CVSS score of 4.3 (Medium) according to Wordfence, while Patchstack rates it at 6.5 (Low). The issue is classified under the OWASP Top 10 category A1: Broken Access Control and is characterized as a Sensitive Data Exposure vulnerability. The vulnerability requires subscriber-level privileges to exploit (Patchstack, Wordfence).

This vulnerability could potentially allow malicious actors with subscriber-level access to view sensitive information that is normally not accessible to regular users. This exposed information could potentially be leveraged to exploit other weaknesses in the system (Patchstack).

The vulnerability has been patched in version 2.0.15.1 of the JetPopup plugin. Site administrators are advised to update to version 2.0.15.1 or later to remove the vulnerability. Patchstack users have the option to enable auto-updates for vulnerable plugins (Patchstack).