PT-2026-50631 · Fireplugins · Firebox Popups – Increase Sales/Grow Your Email List

Duc Manh

Published

2026-06-18

Updated

2026-06-18

CVE-2026-12120

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'form id' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of all form submissions — including any personally identifiable information submitted by users — for any arbitrary form id.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2026-12120

Affected Products

Firebox Popups – Increase Sales/Grow Your Email List

PT-2026-50631 · Fireplugins · Firebox Popups – Increase Sales/Grow Your Email List

CVE-2026-12120

Weakness Enumeration

Related Identifiers

Affected Products

References · 10