Lucene search

[email protected]NVD:CVE-2024-2541

HistoryAug 29, 2024 - 1:15 p.m.

CVE-2024-2541

2024-08-2913:15:06

CWE-200

[email protected]

web.nvd.nist.gov

wordpress

sensitive information exposure

subscribers import

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

37.7%

JSON

The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers.

Affected configurations

Nvd

Node

sygnoospopup_builderRange≤4.3.3wordpress

VendorProductVersionCPE
sygnoospopup_builder*cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
sygnoos	popup_builder	*	cpe:2.3:a:sygnoos:popup_builder::::::wordpress::*

References

plugins.trac.wordpress.org/browser/popup-builder/trunk/com/libs/Importer.php

www.wordfence.com/threat-intel/vulnerabilities/id/086cd6a0-adb6-4e12-b34c-630297f036f3?source=cve

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

37.7%

JSON

Related for NVD:CVE-2024-2541

vulnrichment1 cve1 cvelist1 wordfence1