Skip to main content

Firebox Popups Increase Sales And Grow Your Email List

1 CVEs product

Monthly

CVE-2026-12120 MEDIUM This Month

Unauthenticated CSV export of form submission data in the FireBox Popups WordPress plugin (versions up to and including 3.1.7) exposes full personally identifiable information collected by any form on the site. The flaw lies in an unprotected endpoint that accepts a `form_id` parameter without authentication or authorization checks, allowing any remote attacker to enumerate form IDs and download complete submission records. No active exploitation has been confirmed by CISA KEV, and no public exploit code has been identified at time of analysis, but the trivial exploitation conditions and PII exposure make this a meaningful privacy and compliance risk for affected WordPress deployments.

WordPress Information Disclosure Firebox Popups Increase Sales And Grow Your Email List
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated CSV export of form submission data in the FireBox Popups WordPress plugin (versions up to and including 3.1.7) exposes full personally identifiable information collected by any form on the site. The flaw lies in an unprotected endpoint that accepts a `form_id` parameter without authentication or authorization checks, allowing any remote attacker to enumerate form IDs and download complete submission records. No active exploitation has been confirmed by CISA KEV, and no public exploit code has been identified at time of analysis, but the trivial exploitation conditions and PII exposure make this a meaningful privacy and compliance risk for affected WordPress deployments.

WordPress Information Disclosure Firebox Popups Increase Sales And Grow Your Email List
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy