The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers.
                
            Metrics
Affected Vendors & Products
References
        History
                    Mon, 09 Sep 2024 19:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Sygnoos Sygnoos popup Builder | |
| Weaknesses | NVD-CWE-noinfo | |
| CPEs | cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products | Sygnoos Sygnoos popup Builder | 
Thu, 29 Aug 2024 20:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Popup Builder Popup Builder popup Builder | |
| CPEs | cpe:2.3:a:popup_builder:popup_builder:*:*:*:*:*:*:*:* | |
| Vendors & Products | Popup Builder Popup Builder popup Builder | |
| Metrics | ssvc 
 | 
Thu, 29 Aug 2024 13:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers. | |
| Title | Popup Builder <= 4.3.3 - Sensitive Information Exposure via Imported Subscribers CSV File | |
| Weaknesses | CWE-200 | |
| References |  | |
| Metrics | cvssV3_1 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: Wordfence
Published: 2024-08-29T12:31:08.911Z
Updated: 2024-08-29T13:32:58.675Z
Reserved: 2024-03-15T18:14:26.691Z
Link: CVE-2024-2541
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-08-29T13:32:50.350Z
 NVD
                        NVD
                    Status : Analyzed
Published: 2024-08-29T13:15:06.403
Modified: 2024-09-09T18:40:23.437
Link: CVE-2024-2541
 Redhat
                        Redhat
                    No data.