PT-2023-17903 · WordPress · Fast & Effective Popups & Lead-Generation

Published: 2023-05-30 · Updated: 2025-01-10 · CVE-2023-2111

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Fast & Effective Popups & Lead-Generation for WordPress plugin versions prior to 2.1.4

Description

The issue concerns the concatenation of user input into an SQL query without proper escaping in the plugin's report API endpoint. This could potentially allow administrators in multi-site configurations to leak sensitive information from the site's database.

Recommendations

For versions prior to 2.1.4, update to version 2.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the report API endpoint until the update is applied.

Related Identifiers

CVE-2023-2111

Affected Products

Fast & Effective Popups & Lead-Generation