CVE-2025-13307

The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set (edit_pages capability). The conditions are then executed as part of an eval statement executed on every site page. This leads to remote code execution.

More information : https://wpscan.com/vulnerability/710de342-6fb9-47bd-a40b-7b74fc3c181b/