CVE Catalog

CVE-2026-12120

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile — higher than 25% of all known CVEs

Summary

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 3.1.7 via the 'form_id' parameter. This allows unauthenticated attackers to download a full CSV export of all form submissions, including any personally identifiable information submitted by users.

Risk Assessment

Organizations may be exposed to the leakage of users' personal data, which can lead to privacy violations and potential legal consequences.

Recommendation

It is recommended to update the plugin to the latest version to mitigate this vulnerability and review the security of personal data stored in forms.

Original NVD description (English source)

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'form_id' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of all form submissions — including any personally identifiable information submitted by users — for any arbitrary form_id.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS