216.73.217.64

CVE-2024-2541

· Published 29/08/2024 13:15 · Modified 09/09/2024 18:40

Labels: CVE-2024-2541 2024-08-29CVE-2024-2541CWE-200NVD-CWE-noinfo[email protected]

Essential information

Published
29/08/2024 13:15
Modified
09/09/2024 18:40
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers.

NVD status

Status
Analyzed — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
sygnoos / popup builder cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:wordpress:*:*

References