CVE-2024-2541Sensitive Information Exposure in Popup Builder

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
7.5HIGHNVD
CNA5.3
EPSS
1.4%
top 19.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sygnoos Popup Builder
Timeline
PublishedAug 29

Description

The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-mwv6-8267-2mww: The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 42024-08-29
CVEList
Popup Builder <= 4.3.6 - Sensitive Information Exposure via Imported Subscribers CSV File2024-08-29
CVE-2024-2541 — Sensitive Information Exposure | cvebase