CVE-2026-12120
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk25th percentile — higher than 25% of all known CVEs
Summary
The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 3.1.7 via the 'form_id' parameter. This allows unauthenticated attackers to download a full CSV export of all form submissions, including any personally identifiable information submitted by users.
Risk Assessment
Organizations may be exposed to the leakage of users' personal data, which can lead to privacy violations and potential legal consequences.
Recommendation
It is recommended to update the plugin to the latest version to mitigate this vulnerability and review the security of personal data stored in forms.
Original NVD description (English source)
The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'form_id' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of all form submissions — including any personally identifiable information submitted by users — for any arbitrary form_id.

