A vulnerability was found in Popupkit Plugin up to 2.2.0 on WordPress. It has been rated as problematic. The impacted element is the function
permission_callback of the file /subscribers of the component REST API Endpoint. This manipulation causes missing authorization.
This vulnerability is tracked as CVE-2025-14441. The attack is possible to be carried out remotely. No exploit exists.
